ClickCease SNS Sender Script Used for Bulk Smishing Attacks

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

SNS Sender Script Used for Bulk Smishing Attacks

Rohan Timalsina

March 5, 2024 - TuxCare expert team

A new threat has emerged in the form of a Python script called SNS Sender, which malicious actors are utilizing to send bulk smishing messages through Amazon Web Services (AWS) Simple Notification Service (SNS). This script necessitates legitimate AWS SNS credentials obtained from an environment not constrained by the SNS sandbox limitations.

The threat actor (ARDUINO_DAS) associated with this script has connections to various phishing kits utilized for obtaining victims’ personal information and payment card details. Security researcher Alex Delamotte highlighted that these smishing scams often masquerade as messages from the United States Postal Service (USPS) about missed package deliveries.

The operation, believed to have been active since at least July 2022, has been traced through bank logs referencing ARDUINO_DAS shared on underground forums like Crax Pro.


Understanding Smishing Attacks


A smishing attack is a type of phishing attack that occurs over SMS (Short Message Service) or text message. In a smishing attack, the attacker sends deceptive text messages to trick individuals into divulging sensitive information or performing certain actions, such as clicking on malicious links or providing personal and financial information. These messages often appear to come from legitimate sources, such as banks, government agencies, or reputable organizations, and they typically contain urgent or enticing messages to prompt immediate action from the recipient. Smishing attacks aim to exploit the trust and immediacy associated with text messaging to deceive victims and steal their confidential information.

Smishing attacks are particularly effective due to their ability to exploit the immediacy and trust associated with text messaging. Unlike emails, which may go unread for hours or days, text messages are often opened and read promptly upon receipt. Furthermore, smishing messages frequently create a sense of urgency or importance, compelling recipients to take immediate action without thoroughly verifying the message’s legitimacy. Attackers may also personalize smishing messages with information obtained from data breaches or public sources, making them appear more authentic.




What sets the SNS Sender script apart is its innovative use of AWS SNS to carry out SMS spamming attacks, a tactic not previously observed in the wild. With the widespread reliance on mobile devices for communication and transactions, combined with the limited security measures often associated with mobile messaging platforms, smishing attacks have become a potent tool for cybercriminals to deceive and exploit unsuspecting individuals.


The sources for this article include a story from TheHackerNews.

SNS Sender Script Used for Bulk Smishing Attacks
Article Name
SNS Sender Script Used for Bulk Smishing Attacks
Discover how threat actors are utilizing a custom SNS sender script and AWS Simple Notification Service (SNS) for bulk smishing attacks.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter