serisec

Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims Personal Details

Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims Personal Details










A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in prison at Inner London Crown Court.

The case represents a significant escalation in mobile-based fraud tactics, utilizing advanced SMS blasting technology to conduct large-scale credential harvesting operations between March 22-27, 2025.

Xiong’s operation employed a mobile SMS Blaster device transported in a Black Honda CR-V, enabling him to establish rogue base stations throughout the Greater London area.

The equipment functioned as an illegitimate phone mast, broadcasting stronger signals than legitimate networks to force nearby mobile devices to connect to his malicious infrastructure.

Once connected, the system would inject fraudulent text messages directly into victims’ devices, bypassing traditional SMS filtering mechanisms employed by mobile network operators.

The investigation was conducted by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist banking industry-sponsored police unit, working in collaboration with major mobile network operators including BT, Virgin Media O2, Vodafone Three, and Sky.

UK Finance analysts identified the sophisticated nature of the attack vector, noting that the mobile deployment strategy made traditional detection methods significantly more challenging than stationary fraud operations.

Signal Interference and Message Injection Mechanisms

The SMS Blaster’s technical operation relied on radio frequency manipulation to create unauthorized cellular coverage areas.

The device generated amplified signals that appeared stronger than legitimate network infrastructure, effectively hijacking mobile device connections within approximately a one-kilometer radius.

This technique, known as a false base station attack, exploits the automatic network selection protocols inherent in mobile communication standards.

# Conceptual SMS Blaster Operation (for educational purposes)
class SMSBlaster:
    def __init__(self):
        self.signal_strength = "HIGH"
        self.target_radius = "1km"

    def create_rogue_base_station(self):
        return {"signal_power": "amplified", "status": "broadcasting"}

    def send_fraudulent_sms(self, target_devices):
        for device in target_devices:
            message = self.craft_phishing_message()
            self.transmit(device, message)

    def craft_phishing_message(self):
        return {
            "sender": "Gov.uk",
            "content": "Urgent: Verify your details",
            "malicious_link": "https://fake-gov-site.com"
        }

The malicious messages were crafted to impersonate trusted government bodies and legitimate organizations, containing embedded links that redirected victims to credential harvesting websites designed to steal personal and financial information.

This case highlights the evolving sophistication of mobile-based fraud operations and the critical importance of multi-stakeholder collaboration in combating such threats.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now

The post Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims Personal Details appeared first on Cyber Security News.






Tushar Subhra Dutta





Go to cyber-security-news




Posted

in

, ,

by

leeanne

Tags: