
“In many ways, mobile devices have taken us back a decade,” said John Bambenek of Bambenek Consulting. “In email, we get some protection against compromised users sending phishing lures. However, this doesn’t really exist in SMS. The result is that we artificially trust our contacts’ messages and they may include installing apps from outside Google Play.”
Weaponizing trust from Telegram to text threads
Zimperium’s report, shared with CSO ahead of its publication on Thursday, shows that Clarett thrives on trust loops. Attackers use sophisticated phishing pages and Telegram “update channels” to host fake apps with fake testimonials and inflated download numbers. Once granted SMS-handling privileges, the spyware weaponizes that trust, sending “Be the first to know!” messages containing malicious links to every contact on the infected phone.
“This type of RAT technology, which allows victim devices to send authentic-looking messages or even make calls, can be used to bypass MFA or engage in sophisticated impersonation attacks,” Bambenek said.

