Increase in Telegram Bots Stealing 2FA Authentication Codes


Cybercriminals are increasingly using bots on Telegram to steal the one-time passwords (OTPs) used in two-factor authentication (2FA) by clients of financial institutions. Experts at Intel 471 recently highlighted this activity.

These types of services are being offered by cybercriminals on dark web forums. According to Intel 471, both the quality and quantity of these services have grown significantly over the past few months. The surge in popularity of 2FA may be a contributing factor, as more advanced users are no longer relying solely on passwords. Criminals are adapting as well, developing new schemes and methods to intercept authentication codes.

Telegram as a Platform for 2FA Bypass Services

Intel 471 reports that since June, the number of services offering to bypass 2FA has increased substantially on Telegram. The messenger is used either to control these bots or to create special channels for customer support.

The main function of these malicious bots is to automatically call or send text messages to victims in the name of banks, with the ultimate aim of obtaining one-time codes. To create such a bot, attackers need only basic programming skills.

Examples of Malicious Bots

  • SMSRanger: Features an interface similar to Slack and is used to manage phishing attempts.
  • BloodOTPbot: Specializes in working with SMS messages to intercept authentication codes.

Recommendations for Users

Users are advised to stay vigilant and pay attention to small details that may indicate a fraudulent scheme. Always verify the authenticity of messages or calls claiming to be from your bank, and never share your one-time codes with anyone.
