Telegram bots are out to steal your one-time passwords

New scam lets cyber criminals steal money from victims

Cyber criminals are using bots on the Telegram messenger app to steal credentials with a one-time password, intercept control of user accounts, and steal bank funds. 

Hackers are using a bot script called SMSRanger to send automatic messages to people, allegedly on behalf of a bank, PayPal, or other popular financial applications, According to a security researcher at Intel471.

Automatic messages prompt users to send one-time password (OTP) codes along with other account information. If successful, Telegram bots collect codes, enabling hackers to bypass the bank's OTP verification system, hack a user’s account, and withdraw funds. 

Researchers said SMSRanger is easy to use. The ability to specify numbers, goals, and the company the program will masquerade as is quite simple, so the criminal only needs to know some basic script commands in Telegram. This means SMSRanger is popular not only among experienced cyber criminals, but also among relatively unskilled ones.

Once the hacker enters the target's phone number, the bot does the rest of the work, ultimately granting access to any successfully attacked account. Researchers said hackers using the tool have about an 80% efficacy rate if the victim answered the call and the user’s full information was accurate and updated.

Researchers also discovered another bot called BloodOTPbot. This can send users a fraudulent OTP code via SMS. The bot requires an attacker to spoof the victim’s phone number and impersonate a bank or company representative.

“The bot then would attempt to call the victim and use social engineering techniques to obtain a verification code,” said researchers.

The operator would receive a notification from the bot during the call specifying when to request the OTP during the authentication process. The bot would text the code to the operator once the victim received the OTP and entered it on the phone’s keyboard, added researchers.

A third bot, known as SMS Buster, requires a bit more effort to obtain account information. The bot provides options to disguise a call and make it appear as a legitimate contact from a specific bank, letting the attackers dial from any phone number.

Related Resource

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Whitepaper front coverDownload now

“From there, an attacker could follow a script to trick a victim into providing sensitive details such as an ATM personal identification number (PIN), card verification value (CVV) and OTP, which could then be sent to an individual’s Telegram account. The bot, which was used by attackers targeting Canadian victims, gives users the chance to launch attacks in French and English,” said researchers.

The researchers added they have seen accounts illegally accessed at eight different Canadian-based banks.

“The ease by which attackers can use these bots cannot be understated. While there’s some programming ability needed to create the bots, a bot user only needs to spend money to access the bot, obtain a phone number for a target, and then click a few buttons,” researchers said.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

US government warns of increased risk of ransomware over holiday season
ransomware

US government warns of increased risk of ransomware over holiday season

24 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021

Most Popular

Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Apple's mixed reality headset could debut in 2022
augmented reality (AR)

Apple's mixed reality headset could debut in 2022

29 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021