Illegal services that allow threat actors to evade the protection that two-factor authentication (2FA) brings are rampant in underground forums. While 2FA is the most helpful method of protecting a user’s privacy against criminals hacking into their accounts, threat actors have also found a way to sidestep the protection. One of these is the usage of bots on the Telegram messenger app to steal users’ one-time passwords (OTP) to hack into their accounts.
Threat actors use a bot script called SMSRanger to send automatic messages to victims. The messages will pretend to be a bank institution that prompts users to send their OTP codes and bank account credentials.
If the first step of the attack is successful, the Telegram bots will collect the OTP codes, which enable the hackers to bypass the OTP verification system of the victim’s bank account.
They will be able to hack into the bank account and withdraw the victim’s funds.
SMSRanger is an easy-to-use bot script, according to security researchers. Threat actors would only need to learn basic script commands in Telegram, making the deception a simple task. Therefore, the use of SMSRanger can not only be exploited by professional threat actors, but those who are unskilled can also use it.
The Telegram bot does most of the work in hacking after the threat actor has accessed the victim’s phone number. According to security researchers, the tool’s usage has an 80% efficacy rate, especially if the victim has responded and shared the complete information that the hacker needs.
Another bot called BloodOTPbot has also been identified. It has the capability of sending victims fraudulent OTP codes through text messages. With some social engineering techniques, threat actors will trick victims into giving up their OTP verification codes.
Telegram bot was used in Austria to produce fake vaccine certificates free of charge. The fake vaccine certificates are also being sold in countries such as the UK, the US, Australia, Ireland, Portugal, and Brazil.
Telegram is a powerful messaging tool that claims to deliver a message faster than other apps. However, it also became one of the most exploited platforms by threat actors to commit cybercrime due to its benefits.