Computer security researchers have uncovered a new malware tactic that uses an HTTP injector attack capable of harvesting mobile data connections. Criminals are actively using this strategy to gain free Internet access.
HTTP Injector Attack Method Revealed
A team of security researchers has alerted the community to a dangerous new malware tactic used by hackers. It appears that many criminals are actively using an HTTP injector method that can hijack Internet access. The required tools are being sold and traded on underground hacker markets and forums, where they are among the most popular items currently available.
The HTTP injectors modify the sent Internet packets in order to overcome the security and access measures put in place by Internet service providers (ISPs) and businesses. Such measures are among the ways most widely used by enterprises to control web users. Public Wi-Fi hot spots, restaurants and hotels are among the locations most likely to use captive portals. The security researchers have been able to analyze how the criminals bypass these countermeasures.
The attack begins with a mobile device loaded with a SIM card that has zero carrier balance. Using the installed browser, the criminals connect to a data-free site in order to avoid the captive portal connection. Once the criminals have made the appropriate connections, important packet data is captured. Using the HTTP injector tools, an SSH proxy tunnel is then created in order to bypass the protection.
The criminals have been found to use Telegram groups, especially Spanish- and Portuguese-language channels. It is estimated that there are hundreds of groups and that their numbers are gradually growing. The researchers give an example group that has more than 90 000 members. It is very possible that alternative methods of communication are also used.
There are two major reasons why telecommunication companies should implement protective steps against these tools:
- Service Abuse — Probably the most important reason is that the HTTP injectors practically allow the hackers to use a mobile data connection without paying for the provided service.
- Malware Abuse — Security researchers worry that the exploited connections can be used for various criminal purposes such as DDoS attacks, traffic redirection and illegal file transfers.
Because packet manipulation can take place, the technique can be used to hijack all sent information. At the moment it is not known how much revenue has been lost due to the discovered cases of mobile data abuse.