Over the last few years, two-factor authentication has become one of the easiest ways for people to protect any online account. This has made them a key target of cyber criminals.
According to security company Intel 471, it has seen an uptick in services that allow attackers to intercept one-time password (OTP) tokens. All the services that Intel 471 has observed since June either operate via a Telegram bot or provide support for customers via a Telegram channel. In these support channels, users often share their success while using the bot, often walking away with thousands of dollars from victim accounts. “Over the past few months, we’ve seen actors provide access to services that call victims, appear as a legitimate call from a specific bank and deceive victims into typing an OTP or other verification code into a mobile phone in order to capture and deliver the codes to the operator. Some services also target other popular social media platforms or financial services, providing email phishing and SIM swapping capabilities,” says the company in a blogpost.
How cybercriminals steal money using these bots
The blog post says that one particular bot, known as SMSRanger, is extremely easy to use. A simple slash command allows a user to enable various “modes” — scripts aimed as various services — that can target specific banks, as well as PayPal, Apple Pay, Google Pay, or a wireless carrier. Once a target’s phone number has been entered, the bot does the rest of the work, granting access to whatever account has been targeted. The SMSRanger’s efficacy rate is said to be about 80% if the victim answered the call and the information provided was correct.
Another bot, known as BloodOTPbot, also worked sends users fraudulent OTP code via SMS. The bot requires an attacker to spoof the victim’s phone number and impersonate a bank or company representative. The bot then attempts to obtain the verification code using social engineering tricks. The operator would receive a notification from the bot during the call specifying when to request the OTP during the authentication process. The bot would text the code to the operator once the victim receives the OTP and enters it on the phone’s keyboard.
Yet another bot, known as SMS Buster, requires a bit more effort from an actor in order to obtain account information. The bot provides options to disguise a call to make it appear as a legitimate contact from a specific bank while letting the attackers choose to dial from any phone number. From there, an attacker could follow a script to track a victim into providing sensitive details such as an ATM PIN, card verification value (CVV) and OTP, which could then be sent to an individual’s Telegram account. The bot, which was used by attackers targeting Canadian victims, gives users the chance to launch attacks in French and English.
As of this blog post’s publication date, Intel 471 has seen accounts illegally accessed at eight different Canadian-based banks.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
