Over the last few years, two-factor authentication has become one of the easiest ways for people to protect any online account.
This has made them a key target of cyber criminals. According to security company Intel 471, it has seen an uptick in services that allow attackers to intercept one-time password (OTP) tokens. All the services that Intel 471 has observed since June either operate via a Telegram bot or provide support for customers via a Telegram channel. In these support channels, users often share their success while using the bot, often walking away with thousands of dollars from victim accounts. "Over the past few months, we’ve seen actors provide access to services that call victims, appear as a legitimate call from a specific bank and deceive victims into typing an OTP or other verification code into a mobile phone in order to capture and deliver the codes to the operator. Some services also target other popular social media platforms or financial services, providing email phishing and SIM swapping capabilities," says the company in a blogpost.
How cybercriminals steal money using these bots
Another bot, known as BloodOTPbot, also worked sends users fraudulent OTP code via SMS. The bot requires an attacker to spoof the victim’s phone number and impersonate a bank or company representative. The bot then attempts to obtain the verification code using social engineering tricks. The operator would receive a notification from the bot during the call specifying when to request the OTP during the authentication process. The bot would text the code to the operator once the victim receives the OTP and enters it on the phone’s keyboard.
0 Comments