Brinztech Alert: Freeman Physical and E-Sim Service is Detected

Dark Web News Analysis

A new illicit service, dubbed the “Freeman” service, has been detected being actively advertised on a known hacker forum and promoted via Telegram. The operators of the service claim to provide physical SIM and electronic SIM (eSIM) cards from a wide range of major Russian mobile operators, including Megaphone, Yota, Beeline, and MTS, as well as foreign SIM cards. The advertisement highlights the availability of “Beautiful” numbers and other features designed to appeal to the cybercriminal underground.

The emergence of this type of “SIM Swapping-as-a-Service” represents a significant threat to the security of all online accounts that rely on SMS for verification. By providing an easy way for other criminals to acquire and control phone numbers, the service acts as a powerful enabler for large-scale account takeovers, financial fraud, and other anonymous malicious activities.

Key Cybersecurity Insights

The appearance of this new service highlights several critical risks:

• A “SIM Swapping-as-a-Service” Operation: The primary threat is that this is a professional service designed to facilitate SIM swapping attacks. It provides other criminals with the fundamental tool needed to take over a victim’s phone number, which is often the master key to their entire digital life.
• A Direct Enabler for MFA Bypass and Account Takeover: The main purpose of this service is to defeat SMS-based Multi-Factor Authentication (MFA). Once an attacker controls a victim’s phone number, they can intercept all login codes, password reset links, and security alerts. This allows them to take over the victim’s most sensitive accounts, including email, banking, and cryptocurrency exchanges.
• Providing Anonymity for Fraudsters: The availability of both Russian and foreign SIM cards allows criminals to create anonymous, untraceable accounts on services like WhatsApp and Telegram. They can then use these numbers to conduct a wide range of fraudulent activities, from phishing to investment scams, without revealing their true identity.

Mitigation Strategies

To combat the significant threat posed by professional SIM swapping services, all online users and service providers must take proactive steps:

• Migrate Away from SMS-Based MFA: The single most important defense is to recognize that SMS-based MFA is no longer secure against determined attackers. It is critical for all users and service providers to migrate to stronger MFA methods, such as authenticator apps (like Google Authenticator or Authy) or, for the highest level of security, physical hardware security keys.
• Secure Your Mobile Carrier Account: All users should immediately contact their mobile phone carrier and add a security PIN or password to their account. This makes it significantly harder for a criminal to fraudulently port their number to a new physical SIM or eSIM.
• Implement SIM Swap Detection: For high-value accounts, service providers (especially banks and crypto exchanges) should implement systems that can detect recent SIM swap or porting activity on a user’s phone number via their telecom provider. High-risk transactions should be temporarily blocked or require additional, more stringent verification if a recent SIM swap is detected.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com