Telegram bots deliver SMS stealers to users to intercept 2FA codes

Carding Forum

Positive Technologies experts warn about the activity of cybercriminals using Telegram as a command center (C2). In particular, the researchers identified more than a thousand bots in the messenger that use SMS stealers to intercept authentication codes.

According to Positive Technologies, the Telegram bots are of Indonesian origin. Statistics on the regions where the malware was uploaded to the device indicate that attackers are also targeting residents of Russia and Belarus.

Experts identified two malicious programs — SMS Webpro and NotifySmsStealer, which became the basis of the cybercrime campaign. For writing Trojans, templates were used, which made it easier for operators to work.

SMS Webpro and NotifySmsStealer share the same code, only the C2 servers, the format and content of messages in Telegram differ. However, NotifySmsStealer is slightly more functional: it steals information not only from messages, but also from push notifications.

As a rule, the victim receives a message with an attached APK file. Without paying attention to the extension, the user downloads this file, as a result of which an SMS stealer is installed on their mobile device.

The task of the latter is to intercept authentication codes that will give attackers access to the victim's bank account. So far, there have been only isolated cases of infection in Russia and Belarus, and the bulk of them have been residents of Indonesia.
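Because the campaign uses the Telegram Bot API as its C2 channel, one defensive check is to look for bot-API calls leaving managed Android devices from packages that have no business making them. The following is an added example, not code from the article or from Positive Technologies; the proxy log format, package names, device addresses and bot tokens are all constructed for the demo.

```python
"""Added example, not from the article or Positive Technologies: flag outbound
Telegram Bot API calls in egress-proxy logs. Log format, package names, bot
tokens and addresses below are all constructed for the demo."""
import re
from collections import defaultdict

# A Bot API URL embeds the token as "<numeric bot id>:<secret>". The bot id
# is safe to keep for pivoting between devices; the secret is redacted.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<botid>\d+):(?P<secret>[\w-]+)/(?P<method>\w+)"
)
# Methods a stealer would use to push captured SMS or notification text.
EXFIL_METHODS = {"sendMessage", "sendDocument"}

# Constructed log lines: "<timestamp> <device ip> <android package> <verb> <url> <status>"
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z 10.0.0.12 com.example.bank GET https://api.bank.example/v1/balance 200",
    "2024-05-01T10:00:05Z 10.0.0.12 com.example.stealer POST https://api.telegram.org/bot123456789:AAFakeSecret_xyz/sendMessage 200",
    "2024-05-01T10:00:09Z 10.0.0.12 com.example.stealer POST https://api.telegram.org/bot123456789:AAFakeSecret_xyz/sendDocument 200",
    "2024-05-01T10:01:00Z 10.0.0.33 com.example.chatops POST https://api.telegram.org/bot987654321:BBOtherFakeSecret/getMe 200",
]

def parse_line(line):
    """Split one constructed proxy log line into its fields."""
    ts, src, app, verb, url, status = line.split()
    return {"ts": ts, "src": src, "app": app, "verb": verb, "url": url, "status": status}

def redact_token(url):
    """Return the URL with the token secret removed, so findings can be stored safely."""
    return BOT_API_RE.sub(
        lambda m: f"https://api.telegram.org/bot{m.group('botid')}:<redacted>/{m.group('method')}", url
    )

def find_bot_api_exfil(lines, allowlist=frozenset()):
    """Group Bot API exfil calls by (device, package); known bot-using apps are skipped."""
    findings = defaultdict(lambda: {"calls": 0, "bot_ids": set(), "methods": set(), "urls": []})
    for line in lines:
        rec = parse_line(line)
        m = BOT_API_RE.search(rec["url"])
        # Ignore non-bot traffic, allowlisted apps, and bot calls that carry no payload (e.g. getMe).
        if not m or rec["app"] in allowlist or m.group("method") not in EXFIL_METHODS:
            continue
        f = findings[(rec["src"], rec["app"])]
        f["calls"] += 1
        f["bot_ids"].add(m.group("botid"))
        f["methods"].add(m.group("method"))
        f["urls"].append(redact_token(rec["url"]))
    return dict(findings)
```

The bot id survives redaction so the same bot can be tracked across several infected devices without keeping the token secret in the case file.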