Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

A long-running international telecommunications fraud campaign uses fake CAPTCHA verification prompts to trick mobile users into sending unauthorized premium SMS messages, resulting in significant illicit revenue for threat actors.

Key Points

  • Researchers at Infoblox identified an international revenue share fraud (IRSF) campaign active since June 2020.
  • The scam uses fake CAPTCHA prompts to trigger up to 60 automated SMS messages, costing victims approximately $30 per incident.
  • Fraudsters use traffic distribution systems and back button hijacking to trap users and evade detection across 17 countries.
  • The operation exploits high termination fees in regions like Azerbaijan, Kazakhstan, and parts of Europe to profit from inter-carrier revenue sharing.
  • Threat actors leverage commercial tools like the Keitaro traffic distribution system to scale these scams and distribute other malicious content.

Why it Matters

This campaign highlights a sophisticated intersection of social engineering and telecommunications infrastructure abuse that defrauds both individual consumers and mobile carriers. By exploiting delayed billing cycles and complex revenue-sharing agreements, attackers can operate at scale while the fraud remains difficult for victims to detect or dispute.

Published by info@thehackernews.com (The Hacker News)