Carding Forum
Professional
Malware intercepts one-time codes that give access to bank accounts.
Attackers are increasingly using Telegram as a command-and-control (C2) server for malware. A recent study by Positive Technologies revealed more than a thousand Telegram bots of Indonesian origin that are used to intercept the one-time codes needed to log in to various services and user accounts. Among the victims of these attacks were not only residents of Indonesia but also of Russia and Belarus.
The bulk of the malware analyzed by the experts consists of two types of stealers: SMS Webpro and NotifySmsStealer. The attackers do not write their own malware from scratch but use ready-made templates. The class structure, names, and code of these stealers are identical; only the C2 servers used by each sample and the Telegram message format differ. NotifySmsStealer differs from SMS Webpro in that it is able to steal information not only from SMS messages but also from notifications.
The attacks are aimed at ordinary users who receive phishing messages with an attachment in the form of an APK file. After downloading this file, victims unwittingly install an SMS stealer on their phones, which allows attackers to intercept one-time codes to log in to services. After receiving a one-time password from the bank account, criminals can withdraw funds from the victim's account.
During the study of Telegram bots, Positive Technologies experts found many chats of Indonesian origin that attracted attention daily with large numbers of messages and victims. They found that the spread of SMS stealers often started with phishing attacks on WhatsApp. The attackers used wedding invitations, bank notices and other documents as bait.
According to experts, most of the victims of these attacks are citizens of Indonesia, where the number of victims is estimated at thousands. In India and Singapore, the number of malware downloads has reached several dozen. There are unique types of stealers in India and Bangladesh. In Russia, Belarus and Malaysia, isolated cases of attacks were recorded.
To protect yourself from stealers, experts recommend:
- Check the extensions of the received files.
- Do not download apps from links in messages from unknown numbers, even if the senders are identified as bank employees.
- When downloading from Google Play, check whether the app name is correct through official sources.
- Do not download or install apps that require suspicious permissions.
Following these guidelines will help users significantly reduce the risk of malware infecting their devices and protect their data from cybercriminals.
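As an added defender-side example (not code from the article or from Positive Technologies), the following Python static triage check flags the traits described above in a decoded APK: SMS permissions, a registered notification-listener service (the NotifySmsStealer trait), and embedded Telegram Bot API URLs used as C2. The manifest and string constants are constructed sample input; `api.telegram.org` is Telegram's public Bot API host, and the bot token in the sample is a placeholder.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Traits of SMS/notification stealers as described in the article.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
# Telegram Bot API call pattern; the token segment is whatever sits after "bot".
TELEGRAM_BOT_API = re.compile(r"api\.telegram\.org/bot[^/\s]+/(sendMessage|sendDocument)")


def triage_manifest(manifest_xml: str, strings: list[str]) -> dict:
    """Score a decoded AndroidManifest.xml plus extracted string constants.
    Returns the individual findings so a reviewer can see why an APK was flagged."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # A notification listener declares this permission on its <service> element,
    # not as a <uses-permission>, so it has to be checked separately.
    listeners = [
        s.get(ANDROID_NS + "name")
        for s in root.iter("service")
        if s.get(ANDROID_NS + "permission") == NOTIFICATION_LISTENER
    ]
    findings = {
        "sms_access": sorted(perms & SMS_PERMS),
        "notification_listener": listeners,
        "telegram_bot_api": [s for s in strings if TELEGRAM_BOT_API.search(s)],
    }
    # Weight Telegram C2 highest: combined with SMS or notification access it is
    # the signature of the stealers discussed above.
    score = (1 if findings["sms_access"] else 0) + (1 if findings["notification_listener"] else 0)
    score += 2 if findings["telegram_bot_api"] else 0
    findings["verdict"] = "suspicious" if score >= 3 else ("review" if score else "clean")
    return findings


# Constructed sample: a fake "invitation" app with all three traits.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.invite">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".NotifyService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_STRINGS = ["https://api.telegram.org/bot000000:PLACEHOLDER_TOKEN/sendMessage", "chat_id"]

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```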
Source