Bots running on Telegram are used to steal one-time passwords used for two-factor authentication (2FA).
Intel 471 researchers said on Wednesday that they have noticed an “increase” in the number of these services being provided in secret. Over the past few months, the variety of solutions for bypassing two-factor authentication appears to have grown, and bots have become a popular tool.
Two-factor authentication (2FA) can rely on one-time passwords, codes, links, biometric markers, or a physical dongle to confirm the identity of the account owner. Most often, one-time 2FA passwords are sent by text message to a phone or to an email address.
Two-factor authentication is used to enhance account security beyond a simple username/password pair, but malicious actors have quickly developed ways to intercept one-time passwords, through malware or social engineering.
According to Intel 471, since June, a number of 2FA bypass services have been abusing the Telegram messaging service. Telegram is used either to create and manage bots, or as the host of a “customer support” channel for the cybercriminals who run these types of operations.
“In these support channels, users often share their success using the bot, often making thousands of dollars from victim accounts,” the researchers say.
Telegram bots are used to automatically contact potential victims during phishing attempts: the goal is to send messages claiming to be from a bank and trick victims into handing over one-time passwords. Other bots target social media users as part of phishing and SIM swap attacks.
To create a bot, a basic level of programming is required, but the task is much less complicated than, say, developing custom malware. What makes matters worse is that, just like traditional bot networks, Telegram bots can be rented to third parties. Once you provide the target victim’s phone number, attacks can start with just a few clicks.
The researchers cited two particular bots: SMSRanger and BloodOTPbot.
The interface and command configuration in SMSRanger are similar to those of the Slack collaboration platform, and the bot can be used to target specific services, including PayPal, Apple Pay and Google Play. BloodOTPbot is an SMS-based bot that can also be used to create automated calls masquerading as a bank.
“Bots show that some forms of two-factor authentication can have their own security risks,” Intel 471 commented. “Although SMS and phone call-based one-time password services are better than nothing, criminals have found ways to circumvent the protective measures.”
Source: ZDNet.com