HTTP Injector Attacks Harvest Mobile Data Connections

Computer security researchers have uncovered a new malware tactic that uses an HTTP injector attack capable of harvesting mobile data connections. Criminals are actively using this strategy to gain free Internet access.

HTTP Injector Attack Method Revealed

A team of security researchers alerted the community to a dangerous new malware tactic used by hackers. It appears that many criminals are actively using an HTTP injector method that can hijack Internet access. The required tools are being sold and traded on underground hacker markets and forums as one of the most popular items currently available.

The HTTP injectors modify the sent Internet packets in order to overcome security and access measures put in place by Internet service providers (ISPs) and businesses. Captive portals are one of the most widely used ways for enterprises to control web users. Public Wi-Fi hot spots, restaurants and hotels are among the locations most likely to use captive portals. The security researchers were able to analyze how the criminals bypass the countermeasures.

The attack begins with a mobile device loaded with a SIM card that has zero carrier balance. Using the installed browser, the criminals connect to a data-free site in order to avoid the captive portal connection. Once the appropriate connections have been made, important packet data is captured. Using the HTTP injector tools, an SSH proxy tunnel is then created in order to bypass the protection.
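
From the operator's side, the pattern described above (a session billed as data-free that actually carries an SSH tunnel) can be looked for in flow records. The following is an added example, not code from the original article or from the researchers; the `Flow` record fields and the sample flows are constructed assumptions.

```python
import re
from dataclasses import dataclass

# SSH identification string (RFC 4253, section 4.2), e.g. "SSH-2.0-OpenSSH_9.6".
# Other lines may precede it, so it is searched at the start of any early line.
SSH_IDENT = re.compile(rb"^SSH-(?:2\.0|1\.99)-[\x21-\x7e]+", re.MULTILINE)


@dataclass
class Flow:
    """Hypothetical flow record exported by a carrier's rating/DPI node."""
    subscriber: str
    zero_rated: bool    # True when the session was billed as data-free
    first_bytes: bytes  # first server-to-client payload bytes of the flow
    total_bytes: int


def carries_ssh(payload: bytes) -> bool:
    """True if an SSH identification line appears in the early payload."""
    return SSH_IDENT.search(payload) is not None


def suspicious_flows(flows):
    """Zero-rated flows whose early payload contains an SSH banner."""
    return [f for f in flows if f.zero_rated and carries_ssh(f.first_bytes)]


def usage_by_subscriber(flows):
    """Total unbilled bytes per subscriber across the suspicious flows."""
    totals = {}
    for f in suspicious_flows(flows):
        totals[f.subscriber] = totals.get(f.subscriber, 0) + f.total_bytes
    return totals


# Constructed sample records (not taken from real traffic).
SAMPLE = [
    Flow("sub-001", True, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>", 48_000),
    Flow("sub-002", True, b"HTTP/1.1 200 OK\r\n\r\nSSH-2.0-ExampleServer_1.0\r\n", 350_000_000),
    Flow("sub-003", False, b"SSH-2.0-ExampleServer_1.0\r\n", 12_000),  # paid SSH: ignored
    Flow("sub-002", True, b"SSH-2.0-ExampleServer_1.0\r\n", 150_000_000),
]

if __name__ == "__main__":
    for subscriber, total in usage_by_subscriber(SAMPLE).items():
        print(f"{subscriber}: {total} bytes of SSH traffic rated as data-free")
```
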

The criminals have been found to use Telegram groups, especially Spanish- and Portuguese-language channels. It is estimated that there are hundreds of groups and their numbers are gradually growing. The researchers give an example group that has more than 90 000 members. It is very possible that other methods of communication are also used.

There are two major reasons why the telecommunication companies should implement protective steps against these tools:

  • Service Abuse — Probably the most important reason is the fact that the HTTP injectors practically allow the hackers to use a mobile data connection without paying for the provided service.
  • Malware Abuse — Security researchers worry that the exploited connections can be used for various criminal purposes such as DDoS attacks, traffic redirection and illegal file transfers.

Because packet manipulation can take place, it can be used to hijack all sent information. At the moment it is not known how much revenue was lost due to the discovered cases of mobile data abuse.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

1 Comment

  1. Gary

    I was also introduced to the HTTP injector app; it seemed too good to be true to be given 200MB daily for free…
    Later, when I tried to log in to my internet banking, it started saying my credentials were incorrect and I could no longer access my bank account online.
