Just recently researchers have discovered a campaign that has been operational since June 2021, which has secretly been exploiting Telegram bots to compromise the banking information of users. More specifically, the campaign is stealing the one-time password tokens (OTPs) and stealing valuable PayPal, Apply Pay, and Google Pay information.
While manipulating bots is one part of the campaign, the other part is in manipulating users to give out their account information. Fraudsters are doing this by calling victims, getting in touch through mail, and even sending out SMS messages to retrieve this valuable information. The mission aims to get the verification code from the user and then use this to steal whatever they want from their accounts.
As researchers delved deeper into this matter they came to find that is campaign had a very close similarity to another campaign that was discovered earlier this year in January, where attackers were using bots developed by Russian cybercriminals for a similar purpose. In this particular case, researchers have identified three main bots that have been exploited by attackers and are now working to resolve the issue.
To get a better understanding of the situation let’s look at different aspects of the attack and how an attack is put together.
Making use of bots that are already available on Telegram is a relatively straightforward procedure. Attackers need to pay a small amount to get access to the bot and then they can enter in commands for the bot to follow. These commands, also known as scripts, can also be used on various other platforms that use similar bots. In this way, they can target specific services on the victims’ machine and they can also retrieve certain information. In this case, this was banking information and these bots were designed specifically to retrieve PayPal information, Apple Pay, and Google Pay information as well.
A very effective way to make their fishy messages seem more credible is for attackers to impersonate well-known institutes that the user is likely to trust. Whether this is during a call or through an SMS message, as attackers are looking to get vital information they often use social engineering tactics along with a reliable alias to uncover the information they need. As the bot exists on the victim's phone as soon as the user receives the OTP the bot relays this information to the attacker, and the attacker has access.
These bots are widely available on the black market and are not very expensive to use either. Moreover, people using the bot can pay extra for additional services and also target people on many other platforms using many other kinds of financial instruments.
This approach is a bit harder but it is also a lot more direct. In this approach, the attacker calls up the victim directly and pretends to be calling from a bank. During the conversation, the attacker will try and convince the user to give out their ATM PIN or credit card information, or OTP. With this information, the attacker can easily withdraw funds and even use this information to make online purchases.
Overall, cybercrime is growing and attackers are constantly coming up with new ways to fraud people into giving out their information. If you receive any such calls, definitely take them with a pinch of salt and make sure you are dealing with an authentic entity before sharing any information.