Authors: Shreya Talukdar and Bablu Kumar
Within the ever-evolving realm of cybersecurity, the surge in OTP bots and SMS senders wielded by threat actors presents an ongoing challenge that demands our attention. Cybercriminals are increasingly combining vishing techniques with OTP grabber services to amplify their malicious activities. Vishing, or voice phishing, involves manipulating individuals into divulging sensitive information over the phone. The human touch in vishing adds a convincing element to these attacks, making victims more likely to trust the caller. Attackers employ sophisticated interactive voice response (IVR) systems, authentic voice recordings of real individuals, or even real-time calling methods that convincingly appear to originate from a trusted company. Through these tactics, users are skillfully manipulated into revealing their one-time passwords, typically delivered via text messages.
The significance of OTPs in the realm of online security cannot be overstated. A multitude of online services, including financial institutions, rely heavily on OTPs as the final verification step. In certain scenarios, a One-Time Password (OTP) is the only gateway to accessing one's account. This very reliance makes these services an enticing target for those wielding OTP bot services.
In the past, we have seen similar services such as SMS Bandits and SMSRanger being offered on underground forums and Telegram channels.
SMS Bandits emerged as an online service masterminded by a 20-year-old threat actor, aimed at orchestrating large-scale phishing campaigns through mobile text messages. The phishing messages ingeniously masqueraded as various entities, encompassing pandemic relief initiatives, PayPal, telecommunications giants, and governmental tax revenue agencies. The service was tied to another OTP grabber service named Otp[.]agency designed to help intercept one-time passwords needed to log in to various websites. Once the call is made, the phone call triggers the target to enter a one-time password, generated by their mobile app, into the system. This password is then covertly sent back to the scammer's user panel hosted on the OTP Agency website.
To highlight the utilization of well-established tactics like vishing as an initial point of attack and to illustrate how such techniques can be harnessed for malicious intent, we recently encountered a cyberattack on MGM Resorts on September 14, 2023. This incident is attributed to Scattered Spider, a group recognized for its expertise in social engineering. Employing vishing as their method of choice, the cybercriminals successfully obtained employee credentials, secured global admin privileges within Azure Tenant, exfiltrated data, and subsequently held numerous ESXi hypervisors hostage for a ransom. More details on this are added below.
One of the most recent such offerings is a service known as “SpoofMyAss.com” - a one-stop shop for end-to-end SMS-related phishing scams. The service is being offered with bold statements such as:
This service (and all others mentioned in this post) assumes the threat actor already has the target’s login credentials through different means.
The OTP bots and SMS senders offered by SpoofMyAss can significantly aid cybercriminals in orchestrating large-scale vishing (voice phishing) attacks. The following features provided by SpoofMyAss strongly indicate that it is intended for vishing attacks:
Using these three main service features, vishers can further craft highly convincing vishing calls:
The user signup is free of charge on the portal. Additionally, it also offers USD 1 as a welcome balance to the user’s account—an enticing invitation to explore the diverse offerings of the platform.
The service primarily consists of two main sub-services:
Per the advertisement, OTP Spoofer is an automated call service that can be used to grab OTPs of any length. The bot possesses the ability to facilitate global calls, fetch multiple OTPs, and communicate seamlessly in over 30 languages.
The service is offered in 3 categories:
The first service is Fast SMA, which, per the advertisement, is fast and easy to use with custom-made or pre-made SSML templates, meaning it can be configured to utter the victim’s name and service details, adding a personalized touch to its functionality.
After the call is initiated, and the user is deceived into disclosing their OTP, it becomes visible on the attacker's screen in the following manner.
The second service provides threat actors with the ability to utilize their own audio recordings, which they can store in either MP3 or WAV formats. When these audio files are employed, they greatly enhance the overall authenticity of the calls. This heightened authenticity significantly boosts the probability of users being lured into sharing their One-Time Passwords (OTPs) during the call.
The final service allows anyone to make anonymous calls with manipulated caller IDs and call forwarding options, providing threat actors with opportunities for impersonation, fraudulent calls, and large-scale phishing campaigns. For Transfere SMA, when the victim answers the call, the system connects it to a phone number of the threat actor’s choice that has been specified on the panel. This functionality enables anonymous calling. If the victim's country matches one of the designated country numbers available on the panel, the call will be routed accordingly. Otherwise, it will appear as a US number. The system initiates a call to the victim, prompting them to pick up and hear a "wait please" message. Simultaneously, the system initiates a call to the threat actor (TA). Upon answering the call, the TA will engage in conversation with the victim. The communication flows from the victim through the Spoofmyass service and then to the TA. Importantly, the victim only sees the number associated with the service, which keeps the TA anonymous throughout the call.
Threat actors can pose as trusted entities, like banks, to trick victims into revealing sensitive information, and they can use counterfeit caller IDs to deceive recipients into sharing personal data or visiting fake websites, ultimately leading to data theft and increased security risks.
On September 14, 2023, MGM Resorts was reportedly hit by a cyberattack causing multiple systems to go offline. It’s believed that Scattered Spider, which specializes in social engineering, is responsible for the breach. The cybercriminals, after gathering employee information from social media, likely LinkedIn, impersonated the IT Help Desk of MGM Resorts. Using vishing techniques, the cybercriminals could gather credentials. The threat actors purportedly gained access to global admin privileges of Azure Tenant and performed data exfiltration and later locked down more than hundreds of ESXi hypervisors for ransom.
We've noted that threat actors frequently rely on well-established techniques when conducting cyberattacks. Consequently, these tried-and-true methods can be adopted by less-sophisticated, copycat threat actors, often with the help of services like SpoofMyAss.
Okta is a cloud-based identity and access management (IAM) platform that provides businesses and organizations with a secure and centralized way to manage user identities and access to various applications and services.
In a banking vishing scam, threat actors often pose as bank representatives or officials. They typically use the following tactics:
In tech support vishing scams, attackers often target individuals with claims of technical issues on their computers or devices:
In this SMS scam, victims receive a text message claiming they have won a substantial sum of money in a lottery. The message appears to be from a well-known lottery organization. The message typically contains a link or a phone number to claim the prize. Threat actors can use services like "spoofmyass" to send these SMS messages with convincing caller IDs.
In this vishing scenario, threat actors impersonate a utility company, such as an electricity or gas provider. They often target businesses or individuals with the following tactics:
This service currently claims to be using 269 legitimate SMS gateways for sending text messages to unsuspecting users spanning diverse regions across the globe. Of these, there are 87 US-based and 13 India-based SMS gateways. For example:
A template is SSML code that the SMA bot will read aloud when the attacker places a call to grab an OTP code. The language of the bot and its speaking style are customizable, after which voice testing can be done to confirm the voice type. The code can be edited to include dynamic information. For example, ##cname## is used to address the caller by name and ##service## can be used to mention the bank name. This allows the bot to personalize the message as the attacker wants. Options like speaking rate, pitch type, and break time are also customizable. The template can be played, edited, or deleted as per the threat actor’s requirement.
Similarly, another template can be created after the victim enters an OTP as an ending message to sound more legitimate.
There are 4 services that are offered within the tool section:
The number generator feature offers the capacity to efficiently produce phone numbers in large quantities, with the option to specify the desired quantity and even select the target country for number generation.
Through Human Intelligence (HUMINT) sources, we have discerned that this tool employs internally-developed algorithms for generating these numbers.
Number validator is used for ensuring that the numbers generated are accurate and it further checks for the country as well. We have not been able to verify whether these numbers are validated against some external sources.
The third service in the list is Detector which is a carrier detector. A mobile number carrier detector is a software or service designed to identify the mobile carrier or network operator associated with a given mobile phone number. This tool can be used to determine which telecommunications company provides service for a particular phone number. As per the claim, the service can identify the country and carrier associated with the phone number.
An SMS gateway filter is a mechanism or component within an SMS gateway system designed to filter and manage SMS (Short Message Service) messages. Its primary purpose is to control the flow of SMS messages and ensure that only legitimate, desired, and compliant messages are sent or received through the gateway.
List Manager is a feature where bulk numbers can be uploaded together to organize phone numbers effortlessly into lists, simplifying the process of sending SMS messages. It can also be used to review the phone number list and remove any undesired entries.
The text announces a significant update to an SMS sender service called "SPOOF MY ASS UNLIMITED SMS SENDER" which is now a private, subscription-based model. Key points of the update include:
As per their claim, these are the updates in version 2 (V2) of the service:
The ramifications of such exploitation are profound. Cybercriminals, upon gaining access to a victim's online banking and other sensitive accounts, are equipped to perpetrate a wide array of fraudulent online transactions. However, the scope of threat posed by these services extends far beyond the mere capture of OTPs. These insidious tools are versatile, capable of wielding social engineering techniques, propagating malware or scams, and even inflicting harassment and extortion upon their targets.
OTP SMS and OTP call grabber services carry serious consequences and present substantial risks for both individuals and organizations. Below are several examples of how these services may be exploited for malicious purposes:
Account Takeover: Malicious individuals can utilize OTP Grabber services to intercept OTPs transmitted via SMS or voice calls. Armed with these intercepted OTPs, they can illicitly enter the victim's accounts, encompassing email, social media, and financial accounts, effectively assuming control of said accounts. In a specific instance, an attacker employs an OTP Grabber service to intercept the OTP dispatched to a victim's mobile device during a login endeavor. Subsequently, leveraging the pilfered OTP, the attacker secures access to the victim's email account, housing sensitive personal and financial data.
Identity Theft: OTP Grabber services can be utilized for the illicit acquisition of OTPs used in identity verification across a range of online services. Subsequently, malicious actors can exploit these OTPs to assume the identity of the target, enabling the execution of fraudulent activities and potentially facilitating identity theft. In this process, a malevolent actor intercepts the OTP through an OTP Grabber service, enabling them to assume the persona of the legitimate user and execute unauthorized transactions with fraudulent intent.
Unauthorized Access: OTPs are often used for two-factor authentication (2FA) to provide an additional layer of security. Misuse of OTP Grabber services can bypass this security measure, enabling unauthorized access to sensitive systems or applications.
Financial Fraud: Access to OTPs can enable attackers to carry out financial fraud. They can make unauthorized transactions, transfer funds, or withdraw money from the victim's bank accounts or digital wallets.
Privacy Invasion: Intercepting OTPs is a breach of privacy, as it involves monitoring and accessing the victim's communication channels without consent. This invasion of privacy can cause emotional distress and anxiety for victims.
Simultaneous Authentication: OTP Grabber services can intercept OTPs in real-time, allowing attackers to authenticate themselves on the victim's behalf, making it difficult for the victim to notice or respond in time.
Account Hijacking: OTP Grabber services can lead to complete account hijacking, as attackers can change account passwords, security settings, and recovery information, locking the legitimate account owner out of their own accounts.
Propagation of Malware or Scams: Threat actors could use Fast SMA to automate calls promoting malware downloads or other fraudulent schemes. By customizing the call content to suit different targets, they can spread malicious software or perpetrate scams on a larger scale.
Harassment and Extortion: In some cases, threat actors might use this service for harassment or extortion. They can repeatedly send threatening or misleading calls to victims, demanding money or sensitive information in exchange for stopping the harassment.
It's important for individuals and organizations to be vigilant about safeguarding OTPs and implementing additional security measures, such as using authenticator apps or hardware tokens, to protect against OTP interception. Additionally, reporting any suspected misuse of OTP Grabber services to law enforcement or relevant authorities is crucial to combat these illegal activities.
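For defenders, the chain described above (credentials already held, an OTP relayed in real time, then password or recovery changes that lock the owner out) leaves a recognisable sequence in authentication logs. The following is an added example, not code from the original post or from CloudSEK; the log layout, event names, device baseline and 10-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Account changes that lock the legitimate owner out if made by an intruder.
SENSITIVE = {"password_changed", "recovery_changed", "mfa_changed"}
# Assumed correlation window between an OTP success and a sensitive change.
WINDOW = timedelta(minutes=10)

# Constructed sample events (timestamp|user|event|device_id); not real logs.
SAMPLE_LOG = """\
2023-10-02T09:00:05|alice|password_ok|dev-A1
2023-10-02T09:00:20|alice|otp_ok|dev-A1
2023-10-02T09:03:00|alice|password_changed|dev-A1
2023-10-02T11:15:00|bob|password_ok|dev-X9
2023-10-02T11:15:48|bob|otp_ok|dev-X9
2023-10-02T11:17:10|bob|recovery_changed|dev-X9
2023-10-02T11:17:40|bob|password_changed|dev-X9
2023-10-02T14:30:00|carol|password_ok|dev-Z3
2023-10-02T14:30:30|carol|otp_ok|dev-Z3
2023-10-02T15:10:00|carol|mfa_changed|dev-Z3
"""

# Constructed baseline of devices each user has authenticated from before.
KNOWN_DEVICES = {"alice": {"dev-A1"}, "bob": {"dev-B1"}, "carol": {"dev-C1"}}


def parse(log):
    """Turn pipe-separated lines into event dicts, skipping blank lines."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, event, device = line.strip().split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "event": event, "device": device})
    return events


def detect(events, known_devices, window=WINDOW):
    """Return (user, severity, event) alerts.

    medium: OTP verified from a device not in the user's baseline.
    high:   that same device then makes a sensitive account change
            within `window` of the OTP success.
    """
    alerts = []
    pending = {}  # (user, device) -> time of OTP success on unknown device
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["device"])
        if ev["event"] == "otp_ok":
            if ev["device"] not in known_devices.get(ev["user"], set()):
                pending[key] = ev["ts"]
                alerts.append((ev["user"], "medium", "otp_ok"))
        elif ev["event"] in SENSITIVE and key in pending:
            if ev["ts"] - pending[key] <= window:
                alerts.append((ev["user"], "high", ev["event"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG), KNOWN_DEVICES):
        print(alert)
```

A high alert is a reasonable trigger for holding the change and confirming with the account owner through a channel other than SMS or voice.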
CloudSEK’s deep and dark web monitoring platform scours thousands of sources across the deep and the dark web to identify fraud and targeted threats. The service gives analysts a single pane of glass to monitor dark web activities. In this particular case, if the banking-related credentials are being sold on the dark web, you will be directly notified so you can instantly take security measures and inform the affected users/clients.
The reviews indicate that the service is getting traction on underground forums and threat actors have already started using it for nefarious purposes.