Over the last few years, two-factor authentication has become one of the easiest ways for people to protect any online account. This has made them a key target of cyber criminals.
According to security company Intel 471, it has seen an uptick in services that allow attackers to intercept one-time password (OTP) tokens. All the services that Intel 471 has observed since June either operate via a Telegram bot or provide support for customers via a Telegram channel. In these support channels, users often share their success while using the bot, often walking away with thousands of dollars from victim accounts. "Over the past few months, we’ve seen actors provide access to services that call victims, appear as a legitimate call from a specific bank and deceive victims into typing an OTP or other verification code into a mobile phone in order to capture and deliver the codes to the operator. Some services also target other popular social media platforms or financial services, providing email phishing and SIM swapping capabilities," says the company in a blogpost.
How cybercriminals steal money using these botsThe blog post says that one particular bot, known as SMSRanger, is extremely easy to use. A simple slash command allows a user to enable various "modes" — scripts aimed as various services — that can target specific banks, as well as PayPal, Apple Pay, Google Pay, or a wireless carrier. Once a target’s phone number has been entered, the bot does the rest of the work, granting access to whatever account has been targeted. The SMSRanger's efficacy rate is said to be about 80% if the victim answered the call and the information provided was correct.
Support the originator by clicking the read the rest link below.