SMS Bomber attacks are becoming more prominent as a contemporary risk that has the potential to have substantial and unsettling repercussions in the field of cybersecurity, which is plagued by ever-evolving threats. In recent days, almost all of us have been contacted by SMS or phone calls from numbers we are unable to identify on our mobile devices. Nearly every one of these numbers originates from a commercial enterprise, a sales company, or an illicit gambling website that has the consent of its consumers to send them SMS messages.
An SMS Bomber attack would normally target the phone number of the victim and send a high number of text messages over the course of some amount of time. These messages have the potential to cause the victim’s phone to continuously vibrate, play alarm tones, or be inundated with alerts. These kinds of attacks have the potential to make the victim’s phone inoperable and disrupt regular communication.
Researchers in the field of information security at SOCRadar recently made the discovery that hackers are now peddling attack tools known as SMS Bomber on many underground forums. Despite the fact that these assaults are carried out for a variety of unethical reasons, including:
Trolling
Cyberbullying
Diverting the attention of the target Distribution platforms
In addition, threat actors are using messaging and open-source code-sharing sites such as: aside the underground forums, for the distribution and sale of SMS Bomber attack tools threat actors are also leveraging the platforms like:
Telegram
ICQ
Discord
GitHub
Replit
Market and Pricing of SMS Bombers The security experts at SOCRadar discovered the following pricing chart on one of the underground forums:
Email flooding for one hour will cost you $1.7.
Price ranges from $8 to $14 for a flood phone call lasting one hour (120–200 calls per hour coming from various numbers). (United States/Canada)
Price for flooding a phone with SMS for one hour is $18 (4-5 messages sent each minute). (United States/Canada)
The price of one spam text message in the United States and Canada is $0.03 (CAD).
Additional postings and service posts uncovered by the researchers across a variety of online communities and platforms, including:-
In addition, by following the redirected URL, it was possible to find a membership-based panel that provided a variety of services, one of which was SMS assaults. With costs dependent on the length of the assault, such as:
7.50 dollars for one hour
$615 for a 100-hour workweek
When it came to messaging platforms, however, experts discovered a channel on Telegram that had 94,925 users and had been operational since December 16, 2022. This put Telegram at the top of the pile, and it was clear why.
Security experts have established direct connection with the bot in order to get all available information about pricing.
When asked, “What can it do?,” the bot will offer the following responses: Here, below, we have listed all of the responses that are supplied by the bot:
Perform SMS flooding
Make flood calls
Send callback requests
Send prank calls
Send a recording of the call
During the course of their inquiry, the researchers came across another Telegram channel that had 352 users and on which they identified an SMS Validator application.
This application is an SMS Bomber due to the fact that it functions just like an SMS Bomber and may be purchased for $18 for single use or for lifetime access.
In the case of open-source sharing sites such as GitHub and Replit, experts in the field of cybersecurity discovered the following top searches, along with the number of times each was used in the code:
SMS bomb with 1K Code
SMS bomber with 4.9K Code
SMS bombing with 341 Code
In addition to all of these platforms, specialists made use of Google Dorks in order to get additional data that assisted in mapping the web addresses, countries of association, and information about sectors.
Countries of Affiliation
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.