Telegram bots attack one-time passwords


Bots running on Telegram are used to steal one-time passwords used in two-factor authentication (2FA).

On Wednesday, researchers at Intel 471 said they had seen an “increase” in the number of such services provided in underground circles. Over the past few months, it seems that the variety of solutions to bypass two-factor authentication has increased, and bots are becoming a popular tool.

Two-factor authentication (2FA) can rely on one-time passwords, codes, links, biometric markers, or a physical dongle to confirm the identity of an account owner. Most often, 2FA one-time passwords are sent by text message to a phone or to an email address.

Two-factor authentication is used to strengthen account security beyond the simple username/password pair, but malicious actors have quickly developed methods to intercept one-time passwords, through malicious software or social engineering.

According to Intel 471, since June a number of 2FA bypass services have been abusing the Telegram messaging service. Telegram is used either to create and manage bots, or to host “customer support” channels for cybercriminals performing these types of operations.

“In these support channels, users often share their success in using the bot, often walking away with thousands of dollars from victim accounts,” the researchers say.

Telegram bots are used to automatically call potential victims during phishing attempts: the goal is to send messages claiming to be from a bank and trick victims into handing over one-time passwords. Other bots target social media users as part of phishing and SIM swap attacks.

To create a bot, a basic level of programming is required, but the task is much less complex than developing custom malware, for example. What makes matters worse is that, just like traditional botnets, Telegram bots can be leased to third parties. Once a targeted victim’s phone number is submitted, attacks can begin with just a few clicks.

The researchers cited two particular bots: SMSRanger and BloodOTPbot.

The interface and command configuration of SMSRanger are similar to those of the Slack collaboration platform, and the bot can be used to target particular services, including PayPal, Apple Pay, and Google Play. BloodOTPbot is an SMS-based bot that can also be used to generate automatic calls that masquerade as a bank.

“Bots show that some forms of two-factor authentication can have their own security risks,” commented Intel 471. “Although one-time password services based on SMS and phone calls are better than nothing, the criminals have found ways to circumvent the protective measures.”

Source: ZDNet.com
