Profiling for underground service harvests mobile phone numbers

Dancho Danchev profiled a new service harvests mobile phone numbers advertised in the underground, the vendor also proposing SMS spamming and phone number verification service.

A new service harvests mobile phone numbers advertised in the underground is the demonstration that mobile is becoming a privileged target for cybercrime. Botnets, mobile malware, ransomware, DDoS applications and hacking tools are becoming part of the offer in the underground.

But underground is very dynamic and new proposal daily emerge from the black market, today I’ll discuss about a new service launched that harvest mobile phone numbers on demand.

A couple of months ago researcher Dancho Danchev already remarked the increasing public availability of managed SMS spam services,  these services could be used by criminals to send hundreds of thousands of SMS messages. The offer for managing SMS spam services was also completed by the possibility to use proprietary or publicly obtainable phone number harvesting application. The underground offer it is able to provide all necessary for illicit activities such as DIY applications for the verification of the validity for harvesting mobile numbers.

In his last post Danchev profiled a new interesting service harvests mobile phone numbers, the service appears very efficient if it is considered that customers could customize the harvesting criteria.

One of the principal feature that catch my attention is the fact that the service explicitly points out the time frame required for the harvesting to take place:

• from a 1000 to 35,000 harvested phone numbers based on criteria – 1 to 12 hours
• from 50,000 harvested numbers and more based on criteria – 72 to 86 hours

The previous image is a screenshot reporting a view of the harvested data, each customer could choose harvesting criteria for his demand, default options are:

• user ID on the Web site from where the mobile phone number was originally harvested
• name/nickname
• city
• education background
• ork position
• contact details (as provided)
• ICQ and Skype

But the services provide more interesting features for customization of the demand of harvested phone numbers. The cyber criminals could in fact express preference for a geographic area (Country, Region or City) or could be interested in exploits phone numbers of a private organization or an E-shops service. The attackers could also select numbers to harvest based  on sex, age and work position of victims, all these information as it is imaginable could allow a criminal to select with surgical precision the scope of its action and the target to attack.

Manager of the service harvests mobile phone numbers promises 100% custom harvesting based on a potential customer’s preference,  the accepted payment method for the service is WebMoney.

Danchev revealed that the vendor of the service harvests mobile phone numbers is trying to increase its reputation in underground also proposing SMS spamming/SMS based TDoS (telephony denial of service attack) services and phone number verification services.

As stated by Danchev security experts believe that offer following cybercrime-as-a-service model will increase in the next months due the high interest manifested by crime in mobile platforms.

Pierluigi Paganini

(Security Affairs –  service harvests mobile phone numbers. cybercrime)