Hackers are offering “free” mobile data access on Telegram channels by exploiting loopholes in telecom provider policies, which target users in Africa and Asia and involve sharing configuration files to mimic zero-rated traffic. The channels function as technical support hubs where users exchange instructions on creating custom payloads, setting up secure tunnels, and manipulating HTTP headers to disguise data usage, which has circulated numerous configuration files for various telecom providers over the past year. To bypass data metering on telecom networks, attackers leverage various tunneling techniques by manipulating data packets using tools like HTTP Injector to mimic traffic from zero-rated services (exempt from data charges). Payload generators further enhance this deception.
Source: GBHackers