Friday, May 2, 2025
HomeCyber Security NewsHackers Selling SMS Bomber Attack Tools on Underground Forums

Hackers Selling SMS Bomber Attack Tools on Underground Forums

Published on

SIEM as a Service

Follow Us on Google News

In the current world of cybersecurity, security threats are evolving at a rapid pace, as there are always new problems to deal with.

Among the ever-evolving threats, SMS Bomber attacks are one of the modern attacks in the current threat landscape that can cause severe and adverse effects.

In SMS Bomber attacks the attacker hit the victim by flooding their phone number with numerous text messages. Since these large amounts of SMS overload the phones with unwanted triggers that flood the device with unwanted:-

- Advertisement - Google News
  • Vibrations
  • Alert sounds
  • Notifications

Cybersecurity researchers at SOCRadar recently identified that hackers are actively selling SMS Bomber attack tools on several underground forums. While these attacks are executed for several illicit purposes, including:-

  • Trolling
  • Cyberbullying
  • Diverting the attention of the target

Distribution platforms

Moreover, besides the underground forums, for distribution and selling SMS Bomber attack tools, threat actors are also exploiting the messaging and open-source code-sharing platforms like:-

  • Telegram
  • ICQ
  • Discord
  • GitHub
  • Replit

SMS Bomber Market & Pricing

Security analysts at SOCRadar identified the following pricing chart in one of the underground forums:-

  • Flood email for 1 hour: $1.7 
  • Flood phone call for 1 hour: $8-$14 (120 – 200 calls per hour from different numbers) (US / Canada)
  • Flood sms phone for 1 hour: $18 (4-5 sms per minute) (US / Canada)
  • For 1 spam sms: $0.03 (US / Canada)
One of the SMS Bomber service lists (Source – SOCRadar)

Other posts and service posts that are discovered by the researchers in different forums and platforms:-

Underground forum post related to SMS BOMBER (Source – SOCRadar)

Moreover, through the redirected link, a membership-based panel was discovered offering various services including SMS attacks. With fees determined by attack duration like:- 

  • $7.50 for 1 hour
  • $615 for 100 hours
SMS Bomber service post (Source – SOCRadar)

While in the case of messaging platforms, Telegram stood at the top, since experts found a channel boasting 94,925 subscribers, and this channel was active since December 16, 2022.

To get all information about prices, security analysts established direct communication with the bot.

Pricing details (Source – SOCRadar)

Here below we have mentioned all the replies that are provided by the bot when asked, What can it do?:-

  • Perform SMS flooding 
  • Make flood calls
  • Send callback requests
  • Send prank calls
  • Send a recording of the call

During their investigation, researchers discovered another Telegram channel with 352 subscribers on which they found an SMS Validator app. 

SMS Validator (Source – SOCRadar)

This app is an SMS Bomber since it completely works like an SMS Bomber, and it is available at $18 for single and lifetime use.

In the case of open-source sharing platforms like GitHub and Replit, cybersecurity researchers found the following top queries with their respective code counts:-

  • SMS bomb with 1K Code
  • SMS bomber with 4.9K Code
  • SMS bombing with 341 Code

Apart from all these platforms, experts also used Google Dorks for more data that helped in mapping the web addresses, countries of affiliation, and sectoral information.

Countries of Affiliation  (Source – SOCRadar)

Here below are the sectors that are mapped:-

Industries of Affiliation  (Source – SOCRadar)

Protection Methods

Here below we have mentioned all the protection methods that are provided by the security analysts:-

  • Spam Filters
  • Number Hiding
  • Reliable Sources
  • Countermeasures to be taken by SMS Service Providers
  • API Security
  • Authentication Layers
  • Data Breach Monitoring
  • Web Security
  • Authorization
  • Access Controls

Keep informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Managing Shadow IT Risks – CISO’s Practical Toolkit

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers...

Application Security in 2025 – CISO’s Priority Guide

Application security in 2025 has become a defining concern for every Chief Information Security...

Preparing for Quantum Cybersecurity Risks – CISO Insights

Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief...

Securing Digital Transformation – CISO’s Resource Hub

In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...