Close Menu
GeekBlog

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Early Prime Day Deals: $100 Off 2 Best-Selling Espresso Makers

    October 2, 2025

    That annoying SMS phish you just got may have come from a box like this

    October 1, 2025

    Trump, Hegseth address 800 officers, tighten standards

    October 1, 2025
    Facebook X (Twitter) Instagram Threads
    GeekBlog
    • Home
    • Mobile
    • Reviews
    • Tech News
    • Deals & Offers
    • Gadgets
      • How-To Guides
    • Laptops & PCs
      • AI & Software
    • Blog
    Facebook
    GeekBlog
    Home»Tech News»That annoying SMS phish you just got may have come from a box like this
    Tech News

    That annoying SMS phish you just got may have come from a box like this

    Michael ComaousBy Michael ComaousOctober 1, 20252 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    That annoying SMS phish you just got may have come from a box like this
    Share
    Facebook Twitter LinkedIn Pinterest Email Copy Link

    The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple, accessible infrastructure. Given the strategic utility of such equipment, it is highly likely that similar devices are already being exploited in ongoing or future smishing campaigns.”

    Sekoia said it’s unclear how the devices are being compromised. One possibility is through CVE-2023-43261, a vulnerability in the routers that was fixed in 2023 with the release of version 35.3.0.7 of the device firmware. The vast majority of 572 identified as unsecured ran versions 32 or earlier.

    CVE-2023-43261 stemmed from a misconfiguration that made files in a router’s storage publicly available through a web interface, according to a post published by Bipin Jitiya, the researcher who discovered the vulnerability. Among other things, some of the files contained cryptographically protected passwords for accounts, including the device administrator. While the password was encrypted, the file also included the secret encryption key used and an IV (initialization vector), allowing an attacker to obtain the plaintext password and then gain full administrative access.

    The researchers said that this theory was contradicted by some of the facts uncovered in their investigation. For one, an authentication cookie found on one of the hacked routers used in the campaign “could not be decrypted using the key and IV described in the article,” the researchers wrote, without elaborating further. Further, some of the routers abused in the campaigns ran firmware versions that weren’t susceptible to CVE-2023-43261.

    Milesight didn’t respond to a message seeking comment.

    The phishing websites ran JavaScript that prevented pages from delivering malicious content unless it was accessed from a mobile device. One site also ran JavaScript to disable right-click actions and browser debugging tools. Both moves were likely made in an attempt to hinder analysis and reverse engineering. Sekoia also found that some of the sites logged visitor interactions through a Telegram bot known as GroozaBot. The bot is known to be operated by an actor named “Gro_oza,” who appears to speak both Arabic and French.

    Given the prevalence and massive volume of smishing messages, people often wonder how scammers manage to send billions of messages per month without getting caught or shut down. Sekoia’s investigation suggests that in many cases, the resources come from small, often-overlooked boxes tucked away in janitorial closets in industrial settings.

    Annoying box phish SMS
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email Copy Link
    Previous ArticleTrump, Hegseth address 800 officers, tighten standards
    Next Article Early Prime Day Deals: $100 Off 2 Best-Selling Espresso Makers
    Michael Comaous
    • Website

    Michael Comaous is a dedicated professional with a passion for technology, innovation, and creative problem-solving. Over the years, he has built experience across multiple industries, combining strategic thinking with hands-on expertise to deliver meaningful results. Michael is known for his curiosity, attention to detail, and ability to explain complex topics in a clear and approachable way. Whether he’s working on new projects, writing, or collaborating with others, he brings energy and a forward-thinking mindset to everything he does.

    Related Posts

    2 Mins Read

    Early Prime Day Deals: $100 Off 2 Best-Selling Espresso Makers

    4 Mins Read

    Instagram head says company is not using your microphone to listen to you (with AI data, it won’t need to)

    2 Mins Read

    Instagram tests opening right onto Reels

    3 Mins Read

    Google unveils 2K Nest cams, Gemini for Home

    3 Mins Read

    Freaky Jurassic Reptile Is a Weird Mix of Snake and Lizard

    2 Mins Read

    Best Costco deals to compete with Amazon Prime Day 2025: My favorite sales so far

    Top Posts

    8BitDo Pro 3 review: better specs, more customization, minor faults

    August 8, 202533 Views

    What founders need to know before choosing their exit at Disrupt 2025

    August 8, 202520 Views

    Grok rolls out AI video creator for X with bonus “spicy” mode

    August 7, 202516 Views
    Stay In Touch
    • Facebook

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    8BitDo Pro 3 review: better specs, more customization, minor faults

    August 8, 202533 Views

    What founders need to know before choosing their exit at Disrupt 2025

    August 8, 202520 Views

    Grok rolls out AI video creator for X with bonus “spicy” mode

    August 7, 202516 Views
    Our Picks

    Early Prime Day Deals: $100 Off 2 Best-Selling Espresso Makers

    October 2, 2025

    That annoying SMS phish you just got may have come from a box like this

    October 1, 2025

    Trump, Hegseth address 800 officers, tighten standards

    October 1, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest Threads
    • About Us
    • Contact us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    © 2025 geekblog. Designed by Pro.

    Type above and press Enter to search. Press Esc to cancel.