Security News > 2021 > September > AT&T Phone-Unlocking Malware Ring Costs Carrier $200M
The ringleader of a seven-year phone-unlocking and malware scheme will head to the clink for 12 years, according to the Department of Justice, after effectively compromising AT&T's internal networks to install credential-thieving malware.
"Unlocking a phone effectively removes it from AT&T's network, thereby allowing the account holder to avoid having to pay AT&T for service or to make any payments for purchase of the phone," it said.
Undeterred, Fahd hired a software developer to design malware that would allow him to "Unlock phones more efficiently and in larger numbers." The malware was installed in stealth on AT&T's own networks, thanks again to the malicious insiders he had recruited.
"Fahd also had the employees install malware on AT&T's computers that captured information about AT&T's computer system and the network access credentials of other AT&T employees. Fahd provided the information to his malware developer, so the developer could tailor the malware to work on AT&T's computers."
AT&T discovered the malware around October 2013, firing the employees involved.
AT&T has had its share of trouble, including facing a $224 million legal challenge after store employees were caught in a SIM-swapping ring.