Cybercriminals are using Telegram bots to steal the one-time passwords used for two-factor authentication (2FA) by customers of credit institutions. Specialists from Intel 471 drew attention to the suspicious activity.
Cybercriminals offer such services on dark web forums devoted to the relevant topics. Over the past few months, according to Intel 471, attackers have increased the quality and quantity of these services.
This may be due to the rise in popularity of 2FA, as few advanced users rely on passwords anymore. Criminals are also trying to keep up, developing various schemes and methods to intercept authentication codes.
According to Intel 471, the number of services on Telegram offering to bypass 2FA has grown significantly since June. The messenger is used either to manage the corresponding bots or to run dedicated channels where customer support is provided.
The task of malicious bots is to automatically call or send text messages to victims on behalf of banks in order to ultimately receive one-time codes. To create such a bot, attackers must have basic programming skills.
The researchers gave two such bots as examples: SMSRanger and BloodOTPbot. The first is similar in interface to Slack, while the second works more with SMS messages.
Users are advised to be vigilant and pay attention to the small details that could give away a fraudulent scheme.