Latest news with #SMSBlaster
Forbes
8 hours ago
- Forbes
Android Warning For 3.3 Billion Users As SMS Attacks Surge
Android SMS attacks surge by 692%. That Android's 3.3 billion users face a myriad of cyber threats is not a surprise to anyone. There's malware that can steal your photo gallery, the UNC6040 attacks that prompted Google to issue a threat intelligence warning, and, of course, the multitude of AI-powered attack threats. But, at the center of all of this cyberattack activity sits one thing: SMS. Google has already issued advice on how to mitigate the dangers of recent SMS Blaster attacks, where the hacker doesn't even need to know your phone number. Now, a Malwarebytes threat analysis has uncovered an alarming 692% surge in SMS-based attacks against Android users. Here's what you need to know. Android Threat Landscape Enters New And Dangerous Phase According to threat intelligence analysts at Malwarebytes, the Android threat landscape is not just evolving, it is entering an entirely new phase of its evolution. Pieter Arntz, a malware intelligence researcher at Malwarebytes, this represents 'an era marked not just by volume, but by coordination and precision.' Android attackers aren't 'throwing malware at users and hoping for results,' Arntz warned, but they are 'building ecosystems.' The June 30 Malwarebytes Labs report analyzed Android threats across the first six months of 2025, and found that Android threats as a whole have risen by 151%. However, it's when you start digging into the specific threat types that some worrying trends emerge. Spyware has seen 147% increase, with February and March taking the biggest brunt as a 4 times multiplication of the baseline was observed. But it is the SMS attack landscape that worries me, and Arntz, the most. Between April and May there was an incredible 692% surge in SMS-based malware attacks. Although there are seasonal factors to consider, with it being the tax seasons and all, Arntz said the surge was 'a jump that we can't just chalk up to coincidence.' Instead, Arntz sees this as reflecting a shift in strategy from the attackers who are scaling their operations to exploit 'both human psychology and systemic weak points.' Android attackers are 'playing the long game now — developing monetization strategies for every type of data they can harvest; every user behavior they can exploit,' Shahak Shalev, senior director of research and development for online platforms at Malwarebytes, warned. Mitigating The Android SMS Attack Surge To protect yourself, and your Android devices, from the latest SMS attacks, you should employ the following mitigations: Always use the official Google Play store to download your Android apps. Take care when granting permissions to a new app. Permissions like 'Display over other apps' should particularly raise a red flag, Arntz warns, as they can be used to intercept login credentials. SMS Blaster attacks us 2G networks, so disable 2G from your Android settings. Run a Google Security Checkup on your Android smartphone to ensure your Google account, a prime target for attackers, is as secure as possible.
Forbes
a day ago
- Forbes
Google's Android Warning For 3 Billion Users: Change This Setting Now
Change this setting as Android SMS attacks evolve. As news of a dangerous hacking campaign has emerged, which enabled the attacker to send malicious SMS messages to nearby Android smartphones without even knowing the phone numbers, Google has a warning for all 3 billion Android users: change this setting now. The SMS Blaster Android Threat We all know that links in SMS messages are bad, m'kay. Heck, even the FBI has been warning smartphone users not to click on the things recently. But here's something you probably were not aware of: hackers can send these messages without knowing your smartphone number. How so, do I hear you screaming at the screen? Using something called an SMS Blaster is the answer. As I reported Jun 26, an SMS Blaster enables a threat actor to have, in effect, an illegal cellphone mast in the boot of their car. This fools nearby smartphones into connecting to it by having a stronger, albeit only 2G, signal than the legitimate cellphone mast used by the network provider. These are part of a threat known as Stingray attacks, all of which utilize insecure and dangerous rogue cell mast approaches to hack your Android smartphone. Although the chances of being caught in an SMS Blaster or Stingray attack are slim, do you really want to take the risk? Mitigate The SMS Blaster Threat By Changing This Android Setting The good news, other than the latest threat actor found to be using an SMS Blaster was arrested in London and has just been sentenced to a year in prison, is that there's an easy way to stop these attacks. 'Android 12 introduced a user option to disable 2G at the modem level, a feature first adopted by Pixel,' Google's Android security and privacy team said. 'This option, if used, completely mitigates the risk from SMS Blasters.' Android 16 offers new 2G Network Protection feature. Android 16 will introduce new defenses as well, including something called 2G Network Protection that will prevent the Android device from connecting to older networks. This is part of a protection package called, aptly enough, mobile network security. This includes notifications when the Android device connects to an unencrypted network, which takes the user to the Safety Center for more information. This detection of potentially dangerous cellphone masts will be another weapon in the Android user armoury to fight the SMS Blaster threat.
Phone Arena
3 days ago
- Phone Arena
Google says you must disable this setting now to stop attacks from malicious texts
Google has issued a warning for smartphone users and you need to take this seriously. One reason is because this warning comes from Google and the second reason is because of how these attacks work. Imagine criminals able to send you malicious SMS text messages directly to your phone bypassing the mobile network. You might be wondering how such an attack is even possible and what you can do to prevent it from happening to you. These attacks use something called SMS Blasters which trick phones into making a direct connection with an attacker's radio device by making it seem as though it is a real network access point. Since attackers aren't using a mobile network to send their malicious texts to victims, they don't need a list of phone numbers belonging to potential victims to target. Instead, the cyber crooks pick a specific area to target. This is most likely a high-income area with plenty of wealthy phone owners. With one tap you can give your Android phone greater protection. | Image credit-PhoneArena Recently an SMS Blaster-wielding attacker was caught in the U.K. His capture led police in the U.K. to warn that these criminals will try "to bypass fraud prevention measures designed to protect consumers [to] steal personal and financial information, so it's important that customers are alert to potential threats of fraud, particularly text messages." Google points out, as we did earlier, that injecting text messages directly into victims' phones bypasses the victim's carrier network. As a result, all of the fancy anti-spam features and anti-scam filters offered by a carrier will basically do nothing and offer no protection. Google says thyat smartphone users should disable 2G connectivity on their devices. | Image credit-Google Google says that it has seen the "SMS Blaster fraud" in multiple countries. Additionally, Google says that there is evidence "of the exploitation of weaknesses in cellular communication standards leveraging cell-site simulators." The company says that the first thing you need to do to save yourself from becoming a victim of these attacks is to disable 2G networks on your phone. 2G is so insecure compared to more recent networks, even 3G. 2G is disabled by default if you have Android 16's new Advanced Protection Mode enabled. The police also advise you to disable 2G on your phone. Here is the thing you need to be on the lookout for. Even in areas where 2G has been completely disconnected, your phone will still connect to a fake cell access point if it has 2G enabled. To disable 2G on your Android 16 -powered phone go to Settings > Security & privacy > Advanced protection . From the Advanced Protection page, toggle on Device protection. This one toggle will detect suspicious activity indicating your phone has been stolen. When the device is locked, it limits new UBS connections for charging only. It also will force your phone to reboot if it's locked for 72 hours. It also prevents 2G calls (except in emergency situations). Unlike Android, the only way to disable 2G on the iPhone is to use Apple's nuclear Lockdown Mode option which is designed for those who are targeted by attackers because of who they are. This mode, when enabled, severely limits your iPhone's functionality to help protect the user. While the SMS Blaster could be a major problem if you find yourself in the range of one, Trend Micro said in its latest report that the number one threat on smartphones last month remained "cybercriminals using their regular tactics in trying to scam consumers, with scammers impersonating well known brands such as PayPal, Netflix, Mater Lotteries, Toyota and Google." Trend Micro reminds you that "the golden rule of any scam, online or otherwise, is that if something sounds too good to be true, it probably is." Trend Micro says to watch out for an "Unexpected contact." The firm says, "Remember, genuine organizations don't contact you out of the blue, asking you to disclose personal or financial details via a text message." Also, watch for spelling and grammatical errors. "If a message doesn't look professional, that's a red flag that it's probably a scam. Legitimate organizations rarely make glaring spelling or grammatical errors in customer communications." Lastly, if a message isn't relevant to you, it is probably a scam. If you aren't waiting for a package to be delivered, texts about a parcel are bogus. If you didn't enter a sweepstakes or a contest, texts related to those are fake. If a message is about a gift card, did you buy one from the retailer mentioned in the text? If not, well, you know what I am going to say. Many Pixel users don't know what features they have to help them fight back against malicious messages. To help, Google is reportedly looking to integrate Scam Detection and Call Screen features into the Pixel setup process helping Pixel users know what features need to be enabled for their protection. Secure your connection now at a bargain price! We may earn a commission if you make a purchase Check Out The Offer
Forbes
4 days ago
- Forbes
Windows Warning Issued As Printers Used In New Hack Attacks
Hackers are using printers to attack Windows devices. Nobody should be surprised by now at the ingenuity of threat actors looking to hack your accounts and devices. I have recently reported on how SMS attackers can strike without knowing your phone number using the SMS Blaster machine, a smartwatch can be used to hack even highly secure air-gapped networks, and even Windows secure boot protections can be bypassed. What might come as a surprise, however, is the news that a new and ongoing hack attack campaign is enlisting the help of your printer to hack your Windows systems. Here's what you need to know. Windows Users Warned As Microsoft 365 Direct Send Hackers Deploy Printers To Attack A new report by the Varonis Managed Data Detection and Response Forensics team has confirmed an ongoing threat campaign, already known to have targeted at least 70 organizations, the vast majority of which are based in the U.S., using on-premises devices such as printers to exploit a poorly known Microsoft 365 feature to deploy the Windows hacking attack. That feature is Direct Send, allowing devices such as printers and scanners to send email without any authentication. I mean, what could possibly go wrong? Quite a lot, as it happens. 'Threat actors are abusing the feature to spoof internal users and deliver phishing emails without ever needing to compromise an account,' Tom Barnea, a forensics specialist at Varonis, said. The as yet unnamed hackers used this Microsoft 365 Direct Send function in order to target predominantly U.S. organizations with malicious messages that are 'subject to less scrutiny compared to standard inbound email,' according to Barnea. The Varonis investigation has concluded that the ongoing threat campaign appears to have started in May 2025, with a level of 'consistent activity over the past two months.' Mitigating The Windows Printer Attack To mitigate the Microsoft 365 Direct Send attacks, Varonis recommends organizations do the following: Microsoft, meanwhile, said that most Microsoft 365 and Windows customers don't need to use the Direct Send feature, and it is working on an option to disable it by default to protect customers. 'We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins,' Microsoft concluded.
Forbes
5 days ago
- Forbes
Do Not Use These Networks On Your Smartphone, Warns Google
Doi not make these dangerous connections. Republished on June 26 with new advice for smartphone users on these threats. A timely caution for smartphone users this week, with the police warning criminals can push malicious SMS texts directly onto their phones, bypassing mobile networks. This is why Google warns all smartphone users to change their networks settings. The threat comes from so-called SMS blasters, which trick phones into making a direct connection with an attacker's radio device, thinking it's a real network access point. The texts themselves are no different to the ones coming via normal networks — but for an attacker there's no need to have a list of target numbers, they can select a target location instead. This means they can prioritize areas with richer pickings. Police in the U.K, when one SMS-blasting cyber criminal was jailed this week, warn that criminals will try "to bypass fraud prevention measures designed to protect consumers [to] Google warns that 'this method to inject messages entirely bypasses the carrier network, thus bypassing all the sophisticated network-based anti-spam and anti-fraud filters.' The company has now seen this 'SMS Blaster fraud' in multiple countries. Google also says that increasing evidence 'of the exploitation of weaknesses in cellular communication standards leveraging cell-site simulators' means users need to act. The solution is to disable 2G networks on your phone. This is still dependent on manufacturer and model, but you can search for 2G or phone or cellular settings to check if it's available. 2G is woefully insecure compared to more recent networks, particularly 5G but also 4G (LTE) and even 3G. This is why Google and Samsung are upgrading devices to prevent Android phones connecting to these less secure networks. 2G is also disabled by default if Android 16's new Advanced Protection Mode is enabled. The police advice is to disable 2G. Disable 2G on your phone Remember, even in locations where 2G has been sunsetted, the phone will still connect to a fake cell access point if it has 2G enabled. This is a device level problem. As a rarity, this is one security area where Androids beat iPhones. You cannot currently disable 2G on an Apple device unless you use Apple's Lockdown Mode sledgehammer. But you can filter texts from unknown numbers and treat them all with suspicion. And the advice not to click links is the same however a text was sent to your phone. And on that note, while SMS blasters might be a risk to users unlucky enough to find themselves in the vicinity of one, the real dangers remain network based. According to Trend Micro's latest report, the primary threat last month was 'cybercriminals using their regular tactics in trying to scam consumers, with scammers impersonating well known brands such as PayPal, Netflix, Mater Lotteries, Toyota and Google.' The security firm says 'the golden rule of any scam, online or otherwise, is that if something sounds too good to be true, it probably is.' And that holds true however a text is sent to your phone, and whatever lure is used to trick you into engaging. Trend Micro advises users to watch for these danger signs:
