Hackers Use Telegram Bot to Steal Banking Data

Researchers have discovered a new method for stealing users’ bank card information using the popular messaging app Telegram. According to CyberNews analysts, a chatbot tricks victims into handing over their sensitive details.

Experts report that the bot, known as OTP Bot, has learned to obtain one-time passwords (OTPs) sent by banks and other services as part of two-factor authentication, often within just a few minutes. The bot uses information from leaked databases found on the dark web to interact with users.

How the Scam Works

The most common scam technique used with OTP Bot is called “card linking.” The bot’s goal is to connect the victim’s bank card to a mobile payment app account. The victim’s money is then spent on purchasing gift cards from regular stores.

Importantly, the scammers never contact the victim directly. Instead, the bot communicates with the unsuspecting person and convinces them to provide the one-time password received from their bank.

This scheme closely resembles traditional phone scams, but now cybercriminals don’t even need to spend time talking to the victim. In addition to financial data, the attackers can also steal passwords and login credentials for various services.

Growing Popularity Among Cybercriminals

The bot is available to criminals through a subscription, which can be purchased in certain Telegram channels. Its user base has grown several times over in recent weeks, surpassing six thousand people. CyberNews analysts note that the model of renting out hacking tools is becoming increasingly popular.