Researchers at Intel 471 report that Telegram-based bots have become a popular tool among threat actors because they automate the theft of one-time passwords (OTPs), the codes that 2FA (two-step authentication) sends to a user to confirm a login. So far, two such Telegram bots, SMSRanger and BloodOTPbot, have been identified in this malicious activity.
Hackers selling OTP-bypass services
The researchers note that the number of 2FA-bypass services has increased dramatically over the past few months. Although 2FA has emerged as a strong way to protect accounts, threat actors are eager to develop ways to capture OTPs and gain access to user accounts through social engineering or malware. The researchers note: “While SMS- and phone-based OTP services are better than nothing, criminals have found ways to social-engineer their way around them.”
How does 2FA work?
For your information, the purpose of 2FA is to authenticate the user with a second factor before granting access to a service. This verification can take the form of a one-time password (OTP), a link, a code, a biometric marker, or simply a tap on a physical dongle. OTP codes are usually sent to your email address or to your mobile device as a text message.
How Telegram bots steal OTPs
Intel 471 revealed that since June it has seen a sharp increase in the use of the Telegram messaging service by 2FA-bypass operations. The Telegram platform is used either to create and manage the bots or as a customer-support channel for the cybercriminals who rent them.
According to the researchers, the Telegram bots automatically contact potential victims of phishing with calls or messages that appear to come from the victim's bank. These bots try to trick victims into handing over their OTP codes, and that is how the codes are stolen. Some bots also target social-media users through phishing and SIM-swap attacks.
Two Telegram OTP-stealing bots identified
Researchers have identified two bots that participated in this malicious activity. One is called SMSRanger and the other BloodOTPbot. SMSRanger's command set-up and interface are similar to the Slack collaboration platform, and it can target services such as Apple Pay, PayPal and Google Play.
BloodOTPbot, by contrast, is an SMS-based bot that can also place automated calls posing as a bank's customer-support line. Separately, Brian Krebs warned on KrebsOnSecurity about a new cybercrime service on Telegram that allows attackers to intercept one-time passwords, which many websites require as an extra security measure to authenticate users.
“These services are emerging because they work and they are profitable. And they are profitable because a large number of websites and services steer users toward multi-factor authentication methods that can be intercepted, forged or misdirected,” Brian Krebs wrote on his blog, “such as SMS-based one-time codes or even OTP tokens generated by an app.”
How can Telegram OTP bots empty your cryptocurrency account?
In a new twist, fraudsters use Telegram OTP bots to deceive investors and steal their 2FA or OTP codes. Once the code is stolen, the attacker takes over the account and the holder loses access to it; some time later, you realize that your account has been completely emptied.
Crypto scammers use these Telegram bots to trick investors into disclosing their two-step authentication codes, leading to lockout from the account and theft of its balance.
Cybercriminals rent an OTP bot on Telegram and use it to trick users into giving up access to their accounts at cryptocurrency exchanges.
According to a report from cybersecurity company Intel 471, Telegram one-time-password (OTP) bots allow fraudsters to launch a successful attack on their prey for a very small outlay and empty an individual's account. The attacker uses the bot to place a seemingly official phone call to the victim's mobile phone while, at the same time, triggering a 2FA code request at the victim's cryptocurrency exchange. When the user reads the code back to the caller, the fraudster gains full access to the account.
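The flow described above, as an added example that is not part of the original report or any real bot's code: a toy exchange issues either an SMS code or an app-generated TOTP (RFC 6238), the "bot" gets the victim to read the code aloud, and the attacker submits it. The exchange, the account "alice", the phone number and the fixed TOTP secret are all constructed for illustration. The example also shows why the attack has to run in real time: the same relay fails once the SMS code has expired or the TOTP step has moved on.

```python
"""Simulated real-time OTP relay by a phone-call 'OTP bot' (constructed example)."""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, field


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the code an authenticator app displays."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


@dataclass
class Account:
    phone: str
    totp_secret: bytes
    pending_sms: dict = field(default_factory=dict)  # code -> expiry (unix time)


class Exchange:
    """Hypothetical exchange. The attacker already has the password; the second
    factor is an SMS code or a TOTP. The server only checks the code itself, not
    who typed it, which is exactly what the bot relies on."""
    SMS_TTL = 300  # seconds an SMS code remains valid

    def __init__(self) -> None:
        self.accounts: dict = {}
        self.sms_outbox: list = []  # (phone, text) messages "delivered" to handsets

    def register(self, user: str, phone: str, totp_secret: bytes) -> None:
        self.accounts[user] = Account(phone, totp_secret)

    def begin_login(self, user: str, now: int) -> None:
        """Password accepted: text a fresh single-use code to the registered phone."""
        acct = self.accounts[user]
        code = f"{secrets.randbelow(10 ** 6):06d}"
        acct.pending_sms[code] = now + self.SMS_TTL
        self.sms_outbox.append((acct.phone, f"Your verification code is {code}"))

    def finish_login_sms(self, user: str, code: str, now: int) -> bool:
        expiry = self.accounts[user].pending_sms.pop(code, None)  # single use
        return expiry is not None and now <= expiry

    def finish_login_totp(self, user: str, code: str, now: int) -> bool:
        secret = self.accounts[user].totp_secret
        # Accept the current and previous 30 s step to tolerate clock drift.
        return any(hmac.compare_digest(code, totp(secret, now - d)) for d in (0, 30))


class Victim:
    """The account holder's handset: receives SMS and runs an authenticator app."""

    def __init__(self, phone: str, totp_secret: bytes) -> None:
        self.phone, self.totp_secret = phone, totp_secret

    def latest_sms_code(self, outbox: list) -> str:
        for phone, text in reversed(outbox):
            if phone == self.phone:
                return text.rsplit(" ", 1)[1]
        return ""

    def authenticator_code(self, now: int) -> str:
        return totp(self.totp_secret, now)


def otp_bot_attack(exchange: Exchange, user: str, victim: Victim, factor: str,
                   now: int, relay_delay: int = 0) -> bool:
    """One bot run. `factor` is 'sms' or 'totp'; `relay_delay` is the seconds
    between the victim reading the code aloud and the attacker submitting it.
    Returns True when the attacker's login completes."""
    if factor == "sms":
        exchange.begin_login(user, now)  # attacker's login attempt triggers the SMS
    # The bot now calls the victim posing as the exchange's fraud desk and asks
    # them to "confirm" the code that just arrived (or the one in their app).
    spoken = (victim.latest_sms_code(exchange.sms_outbox) if factor == "sms"
              else victim.authenticator_code(now))
    submit_at = now + relay_delay  # bot forwards the code to the attacker's login form
    if factor == "sms":
        return exchange.finish_login_sms(user, spoken, submit_at)
    return exchange.finish_login_totp(user, spoken, submit_at)


def demo() -> dict:
    ex = Exchange()
    secret = b"12345678901234567890"  # fixed, constructed TOTP seed (RFC 6238 test key)
    ex.register("alice", "+15555550100", secret)
    alice = Victim("+15555550100", secret)
    now = 1_700_000_000
    return {
        "sms_relayed_immediately": otp_bot_attack(ex, "alice", alice, "sms", now),
        "totp_relayed_immediately": otp_bot_attack(ex, "alice", alice, "totp", now),
        "sms_relayed_too_late": otp_bot_attack(ex, "alice", alice, "sms", now, 600),
        "totp_relayed_too_late": otp_bot_attack(ex, "alice", alice, "totp", now, 120),
    }


if __name__ == "__main__":
    for scenario, succeeded in demo().items():
        print(f"{scenario}: {'attacker logged in' if succeeded else 'rejected'}")
```

Both the SMS code and the app-generated TOTP are accepted when relayed within their validity window, which is the point Krebs makes about app tokens; the defence the page offers (hang up and call the number on the official website) works because it breaks the real-time relay rather than because the code itself is hard to guess.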
Statement from a Coinbase spokesperson
“Coinbase never makes unsolicited calls to its customers, and we encourage everyone to be careful when providing information over the phone. If someone who claims to be from a financial institution calls you, do not disclose any of your account details or security codes. Instead, hang up the phone and call the official phone number listed on the organization's website.”