Infected 4G/5G routers secretly send SMS messages and drain accounts


Inserting a SIM card into a router can lead to unexpected and costly consequences, as one Estonian user recently discovered.

Compromised mobile hotspot routers, which often offer 4G, LTE, or 5G connectivity, can become a huge headache.

A customer in Estonia received nearly €1,000 ($1,100) in bills after their router sent over 10,000 SMS messages to various foreign countries in just a few days, digi.genius.ee reports.

The router contained malware, but it was unclear how it was infected. The device was produced in Russia. When a device is acquired abroad from an unknown source, it is difficult to determine how it was infected.

Many users aren’t even aware that routers can send SMS. This is often used for alerts or notifications. However, malware can also abuse this functionality and cause additional charges.

Typically, hotspot plans are data-only, with SMS and voice functionality disabled or limited. However, some carriers do not disable these features. Users may also insert SIM cards with plans that include SMS or voice services, potentially leading to unexpected charges.

Additionally, hotspot plans are restricted to certain data limits, and malware can easily exhaust the data allowance.

Users can disable the SMS functionality in the router. However, if they no longer control the device, this will not help.

Experts warn that many low-cost off-brand routers with cellular connectivity can be exploited to send fraudulent messages, drain accounts, and serve as gateways for further cyberattacks.

Multiple incidents in the past, including ones in the US, have demonstrated that compromised routers, infected through default credentials or outdated firmware, are being included in botnets that abuse built-in SMS capabilities to generate fraudulent fees.

One botnet exploited a flaw in TP-Link MR6400 routers to run an SMS messaging-as-a-service scheme, as reported by The Record.

Cybersecurity researchers have also discussed vulnerabilities in mobile routers. Attackers can exploit exposed administration panels using brute force and phishing attacks.

To protect your router, make sure it is supported by a reputable vendor, regularly update its firmware, and disable the public-facing web panel. Make sure no ports are open, change the default passwords, reboot the device periodically, and review your service plan for potential extra charges.