Cybercriminals are using Telegram bots to steal one-time password tokens (OTPs) and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found.
Researchers from Intel 471 discovered the campaign, which has been operational since June, they said in a report published Wednesday.
“Two-factor authentication is one of the easiest ways for people to protect any online account,” researchers noted in the post. “So, of course criminals are trying to circumvent that protection.”
Through social engineering, threat actors also deceive people into giving them an OTP or other verification code via a mobile device, which the crooks then use to defraud accounts of money, they said.
“The ease by which attackers can use these bots can not be understated,” they wrote in the report. “While there’s some programming ability needed to create the bots, a bot user only needs to spend money