Delete These Texts—Just 24 Hours To Hack Your Phone
As the threat landscape continues to evolve, security experts are sounding the alarm about a new wave of malicious text campaigns that can steal your credentials or install malware on your device in just 24 hours. The demand for devious domains has never been higher, with DomainTools warning that there were over 106 million newly observed domains in 2024 alone.
These domains are often disguised behind images, QR codes, or attachments, making them difficult to detect. Some links may be shared via social media posts or emails, while others may appear as innocent-sounding messages from well-known brands or organizations.
The speed of these attacks is alarming. According to DomainTools CISO Daniel Schwalbe, the common cradle-to-grave life cycle of a malicious domain is just 24 hours. This means that the link stops working before you even have a chance to react.
These texts are often designed to look legitimate, but they actually link to malware or phishing sites that can steal your credentials or compromise your device.
The FBI Warns of Smishing Text Scams
The FBI has warned users to delete all so-called smishing texts from their phones. These messages contain malicious domains that lead to malware, credential harvesting, and even identity theft.
The scammers behind these attacks are often organized on an industrial scale by Chinese gangs, who are fueling the problem with sophisticated financial campaigns mimicking your bank or credit card provider.
How to Stay Safe
The advice is clear: do not engage with any text that combines a lure from a well-known brand or organization with a link. Do not click any links or open any attachments. Delete all such texts from your phone immediately.
"The fact there are almost 1,500 top-level domains active on the internet right now," warns Schwalbe, "is both a blessing and a curse. Threat actors are capitalizing on this opportunity to either get very cheap domains or register domain names that impersonate legitimate businesses and organizations under lesser-known TLDs."
DomainTools is providing analysis on domain intelligence to enhance the ability of fellow defenders to identify risky domains and proactively mitigate threats. The report highlights the importance of staying vigilant and adopting a zero-tolerance approach to staying safe in this digital age.
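For defenders who filter messages at a gateway, the "brand lure plus link" rule and Schwalbe's point about impersonation under lesser-known TLDs can be turned into a simple triage check. This is an added example, not code from the article or from DomainTools; the brand names, domains and verdict labels are constructed placeholders, and holding rather than blocking links on a brand's own domain is an assumption made here for gateway use.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: brand keyword -> domains that brand really uses.
# These brands and domains are placeholders, not real organisations.
OFFICIAL = {
    "examplebank": {"examplebank.example"},
    "exampleparcel": {"exampleparcel.example"},
}

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.IGNORECASE)

def hosts_in(text):
    """Return the lower-cased hostname of every URL found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)")          # drop sentence punctuation
        url = raw if "://" in raw else "http://" + raw
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.rstrip(".").lower())
    return hosts

def is_official(host, domains):
    """True only if host is a brand domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(text):
    """Classify an SMS body as 'block', 'hold' or 'pass'."""
    hosts = hosts_in(text)
    if not hosts:
        return "pass"                        # no link to follow
    # Squash spacing and punctuation so "Example Bank" and
    # "example-bank.top" both expose the brand keyword.
    squashed = re.sub(r"[^a-z0-9]", "", text.lower())
    for brand, domains in OFFICIAL.items():
        if brand in squashed and not all(is_official(h, domains) for h in hosts):
            return "block"                   # brand lure, off-brand link
    return "hold"                            # link present: verify out of band

if __name__ == "__main__":
    # Constructed sample messages.
    for sms in ("ExampleBank: card locked, verify at https://example-bank.top/v",
                "Running late, see you at 7"):
        print(triage(sms), "<-", sms)
```

The check does not decode internationalised (punycode) hostnames, so homograph lookalikes need separate handling.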
A Word of Caution
"You cannot beat these scammers," Schwalbe warns. "You need to go back to basics and adopt a zero-tolerance, absolutist approach to staying safe."