News

Researchers Find Out Most SS7 Hacking Suggestions Are Scams

SOS Intelligence has examined the darknet for proposals to hack SS7 and found 84 unique .onion domains that advertised such services, but it turned out that scammers were simply hiding behind these sites.

Let me remind you that the existence of vulnerabilities in the Signaling System 7 protocol (SS7, Shared signaling channel No. 7, OKS-7) became known back in the mid-2010s, and soon the first attacks on these problems were officially recorded. Besides SMS interception and spoofing, vulnerabilities in SS7 can be exploited to intercept or forward calls, 2FA codes, locate devices, and more.

Of course, many cybercriminals are interested in such services, and SOS Intelligence analysts decided to find out what the SS7 hacking market is. Finding 84 unique .onion domains offering such services, the researchers quickly reduced the sample to active sites and obtained just four resources: SS7 Exploiter, SS7 ONLINE Exploiter, SS7 Hack, and Dark Fox Market.

All four sites claimed that their operators offer services for intercepting and forging SMS, tracking location, and intercepting and redirecting calls.

However, experts have noticed that the sites look isolated and do not have a lot of external links.

This is usually a good indicator of insecurity, signaling that the site is a newly created fraudulent platform. Moreover, the SS7 Hack site was copied from an open internet site created in 2021.the experts said.

Having tried to use the set of exploits offered by the resource for SS7 (in the hope of mirroring the API), the researchers did not achieve any result, since the service was disabled.

On the Dark Fox Market platform, which charges $ 180 for each targeted phone number, researchers generally found demo videos uploaded by Russian users to YouTube back in 2016. Most likely, these videos were simply stolen from YouTube and had nothing to do with Dark Fox Market, which does not offer a working SS7 hacking service anyway.

Alas, after examining the cryptocurrency wallets of the operators of these sites, SOS Intelligence experts discovered that fraudsters make a lot of money by hacking SS7.

Experts emphasize that all of the above does not mean that there are no SS7 hacking services on the darknet at all. Rather, the solutions that work are hidden in invite-only hacker forums and marketplaces like the World Market. Moreover, trained and experienced cybercriminals, as a rule, have access to the data of cellular operators through their “partners” or through their own operations, so they do not need the services of such services at all.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

23 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

23 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

23 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

1 day ago