Sunday, May 18, 2025
HomeCyber AttackSimjacker Vulnerability - Attackers take Control Over Mobile Phones via an SMS...

Simjacker Vulnerability – Attackers take Control Over Mobile Phones via an SMS Message

Published on

SIEM as a Service

Follow Us on Google News

Security researchers disclosed a new attack dubbed Simjacker, that can be exploited by sending an SMS containing a specific type of spyware codes.

The vulnerability found to be actively exploited for more than 2 years by a private company that works for the government to monitor the individuals.

How the Attack Works

The Simjacker attack starts with an SMS message that includes spyware-like code sent to the targeted recipient’s mobile phone, which instructs SIM card to send another SMS with details such as location/terminal information, without any user interaction.

- Advertisement - Google News

The attack abuses S@T Browser(SIMalliance Toolbox Browser) functionality on the SIM card to trigger the commands that are sent to the handset and the responses to the command are stored temporarily in the SIM card.

Then once it obtains relevant information from the handset, another proactive command sent to the headset instructing to send an SMS with the information collected. The collected information includes location and IMEI number of the headset.

According to AdaptiveMobile Security research, other types of attack are also possible using the S@T Browser, including location tracking, fraud, denial of service, malware spreading and call interception.

“AdaptiveMobile Security research indicates that the Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, Africa, Europe, the Middle East and indeed any region of the world where this SIM card technology is in use. “

The vulnerability is due to the improper validation of messages that use ” S@T Browser, and SIMs allow data download via SMS.”

This attack is also unique, in that the Simjacker Attack Message could logically be classified as carrying a complete malware payload, specifical spyware reads AdaptiveMobile Security report.

Who is Conducting this Attack

AdaptiveMobile said that the attack was conducted by a private company working for the government, also the same company has control over SS7 core, because when Simjacker attack failed they are targeted using SS7 attacks.

“In one country we are seeing roughly 100-150 specific individual phone numbers being targeted per day via Simjacker attacks, although we have witnessed bursts of up to 300 phone numbers attempting to be tracked in a day, the distribution of tracking attempts varies.”

The attack targets all the devices including Apple, ZTE, Motorola, Samsung, Google, Huawei, and even IoT devices with SIM cards.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...