SMS blaster used in smishing scheme targeting Eurovision fans

Published: 21 May 2026
police van eurovision sign picture alliance
Image by Getty/Picture Alliance

SMS blasters are being used to steal data from millions of victims. This time, cybercriminals hit Eurovision.

A 32-year-old Chinese man used an SMS blaster to target people gathering in Austria’s capital for the 2026 Eurovision Song Contest last week.

sms blaster
Image by Landespolizeidirektion Wien
ADVERTISEMENT

The SMS blaster, a bulky device that acts as a portable cell tower, was found in the trunk of the man’s car. The cybercriminal was soon taken into custody and admitted to attempted fraud.

Following the arrest, the suspect's house was searched, and police found another SMS blaster, two laptops, ten mobile phones, and two tablets, along with batteries, voltage converters, and other technical equipment, the Austrian authorities said.

tech recovered sms blaster case
Image by Landespolizeidirektion Wien

These devices were seized and are undergoing a forensic investigation.

SMS blasters fuel smishing (SMS phishing) campaigns that fool victims into downloading malware, sharing sensitive information with bad actors, or paying money to scammers by posing as legitimate businesses or service providers.

phone scam message german pa
Image by Getty/Picture Alliance.

The blaster forced devices within a 100-meter radius to connect in an attempt to steal the victims’ data, according to local media.

SMS blasters can also send around 100,000 fraudulent messages per hour, and it’s believed that several million smishing messages were sent out during the attack.

ADVERTISEMENT

Eurovision prime target for cybercrime

While cybercriminals may have been targeting devices from as early as April, investigators eventually tracked down the suspect over a month later.

The Eurovision Village was a prime target for the cybercriminal, as the compact area near the City Hall was teeming with activity during the Eurovision week.

The cybercriminal posed as popular delivery services and mobile phone providers to send SMS messages to unsuspecting victims.

city hall eurovillage
Image by Eurovision

Around 11,200 fans filled the arena, according to Eurovision, while 130,000 people attended events around the City Hall Square, which was closely monitored by Austrian police.

While the arrest was made by the specialized Austrian task force Einsatzkommando Cobra, alarms were raised by one of the country’s popular network operators.

To add insult to injury, the man’s 6-year-old son was also in the car at the time of his arrest.

While journalists believe that the addition of child endangerment has been made to “beef up” the criminal charges, it does tell us a lot about the attitudes of cybercriminals.

SMS blasters lower barriers to entry

ADVERTISEMENT

Criminals no longer need technical knowledge to carry out scams. Instead, they buy a SMS blaster, which automatically configures itself to the closest network and requires no technical skills to operate, according to GSMA, a mobile communications advocacy group.

“As criminals locate SMS Blasters close to their victims, they can bypass legitimate mobile networks and circumvent anti-spam protection measures.”

This tech then allows criminals to send out texts without needing a person’s number, all while avoiding detection.

white phone screen held inright hand, shown from profile, dark room
Using smartphone in the dark. mrs/Getty Images

While this event is novel in Austria, as it’s reportedly the first time police have caught criminals using SMS blasters, this is a common occurrence in other parts of the world.

Last year, Chinese national Ruichen Xiong was put away for over a year for using an SMS blaster across London.

Why would a cybercriminal want my data?

While victims might think that having their data stolen is no big deal, the problem is more pervasive than you might think.

When data is stolen in this way, it’s not only used against the victim by the cybercriminal who stole it, but it’s also repurposed and sold on to other cybercriminals who can launch their own fraud campaigns.

Fortunately for cybercriminals, your smartphone collects almost all of the key data points hackers are looking for.

ADVERTISEMENT
digital white fingerprint, pink on the left, blue on the right, two phones
Curly_photo/Getty Images

This can range from phone numbers, full names, and email addresses, to Social Security numbers, driver's licenses, and biometric data.

While SMS blasters can’t be used to hack devices directly, they’re used to send mass phishing messages that prompt users to log in to fake websites or click malicious links.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked