Malicious ‘SNS Sender’ Script Abuses AWS for Bulk Smishing Attacks

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

February 16, 2024 at 06:45AM

A Python script called SNS Sender is being utilized to send fraudulent SMS messages through AWS SNS, posing as messages from USPS to trick users into disclosing personal and payment information. The tool leverages AWS SNS to conduct SMS spamming attacks and is linked to a threat actor named ARDUINO_DAS. The operation may have been active since July 2022 and is part of ongoing attempts by threat actors to exploit cloud environments for smishing campaigns. Additionally, the article highlights other innovative tactics used by threat actors, such as using advertising networks and legitimate platforms like Discord to deploy malware.

Based on the meeting notes, the main takeaways are as follows:

1. A malicious Python script called SNS Sender is being used by threat actors to conduct SMS phishing (smishing) attacks by abusing the Amazon Web Services (AWS) Simple Notification Service (SNS).
2. The smishing scams often impersonate the United States Postal Service (USPS) and are designed to capture victims’ personally identifiable information (PII) and payment card details.
3. The sender ID is mandatory for sending the scam texts, and its support varies from country to country.
4. There are links between the threat actor ARDUINO_DAS and over 150 phishing kits offered for sale, indicating a widespread impact.
5. The deployment of SNS Sender may have been active since at least July 2022, and there are indications that the kits have a hidden backdoor sending logs to another place.
6. There have been other instances of threat actors using advertising networks and platforms like Discord to stage and distribute malware, showcasing their continuous innovation in tactics.

These takeaways provide a comprehensive understanding of the cyber threats discussed in the meeting.

Full Article