From thehackernews.com
An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation.
SMS PVA services, since gain prevalence in 2018, provide users with alternative mobile numbers that can be used to register for other online services and platforms, and help bypass SMS-based authentication and single sign-on (SSO) mechanisms put in place to verify new accounts.
“This type of service can be used by malicious actors to register disposable accounts in bulk or create phone-verified accounts for conducting fraud and other criminal activities,” Trend Micro researchers said in a report published last week.