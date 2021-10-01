It is, without a doubt, one of the best contributions that Telegram has and that the competition has not even been able to match in functionality. Bots are chats capable of acting without the need for a human to intercede and that carry out automated tasks of all kinds: from reminding us of the weather, when a package we are waiting for will arrive, or retrieving definitions from Wikipedia in record time so as not to have to access the browser. But as with any positive innovation for the user, it is possible to turn it around and use it for dark purposes, at the service of cybercriminals who try a thousand times to get hold of our most confidential information. And one of those data that we all seek to protect however it is are passwords. Especially single-use ones that, on paper, only we can know. What are one-time passwords? Many hackers have realized that two-step verification systems have made knowing our passwords useless, so they seek to go one step further and try to find out which are those one-time passwords that some authentication apps generate. , or that they come to us through SMS that we receive at the moment of logging in. So some bots within the messaging application are being updated to act in that area. When a hacker finds that an account is protected by a one-time code, if he has the victim’s data, he could try to communicate with her through Telegram with a bot, asking him to give him that number or password that he just received by via an authentication app, an SMS, an email, a call, etc. Once the user provides that information (for example, that of a bank), criminals access and try to take as much money in the shortest possible time. Unlike phishing by SMS, SIM duplication or email, this case of Telegram bots is a little more dangerous because the user could come to think that he is talking to a representative of the bank or any other entity of which he is a client , when it is simply a computer program. According to the researchers, “bots show that some forms of two-factor authentication can have their own security risks. […] While OTP services based on SMS and phone calls are better than nothing, criminals have found ways to engineer “new threats to users. And Telegram bots are one of them.>