It has come to light that Telegram bots are now being used to steal one-time passwords (OTPs), which are most commonly used in two-factor authentication (2FA).
Researchers from Intel 471 reported that they’d seen an increase in the number of these services, with new methods to bypass 2FA coming up in the past few months. Telegram bots are spearheading this growth.
A number of ‘services’ offering 2FA circumvention have been abusing Telegram since June. The app is being used to create and manage bots, and also serves as a sort of customer support channel for cybercriminals using these services.
Sending a different Telegram
These Telegram bots are being used to call potential victims, claim to be a bank and lure them into handing over OTP codes. These phishing attempts run automatically and are working out well for cybercriminals. As the researchers pointed out, “in these support channels, users often share their success while using the bot, often walking away with thousands of dollars from victim accounts.”
Creating a bot requires a basic level of programming skill, but it’s much easier than developing custom malware for a particular system, not to mention much more versatile. Besides, much like traditional botnets, Telegram bots can be leased out, meaning once a victim’s phone number is submitted, an attack can be carried out in a few taps. There are other bots targeting users in phishing and SIM-swap attacks as well.
Researchers have pointed out two bots in particular: SMSRanger and BloodOTPbot. SMSRanger is quite similar to Slack’s collaboration platform and can carry out attacks on services like PayPal, ApplePay, GooglePay and even banks or carriers. BloodOTPbot, on the other hand, is an SMS-based bot that can generate automatic calls impersonating bank staff.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.