Date: 2021-09-29

In Telegram there are bots of all kinds, from those that return weather information to those that search for pirated books or movies. It is not difficult to make a bot for Telegram, and many users use them frequently, but we must be very careful about which ones we use so as not to lose our access data.

A new study demonstrates this, reporting that bots in Telegram are being used to steal the one-time passwords required for two-factor authentication.

Researchers at Intel 471 have seen an increase in the number of malicious bots, capable of intercepting one-time passwords through malware or social engineering. In many cases, they are bots that pose as customer support services, deceiving the user when they ask for the one-time password to perform some type of specific action.

The modus operandi varies, but here is a simple example to illustrate it:

[…] A user searches for a company's customer service on Telegram and comes across a bot with the name of the company they are looking for. They start talking to it, thinking it is the official one, and give it all the information it asks for, including passwords.

In other cases, the bots in question make phishing attempts, sending messages that claim to be from a bank to try to lure victims into handing over one-time codes.

It is so easy to create a bot that they are often created for an attack and disappear shortly afterwards, only to reappear under another name. The study mentions two bots specialized in capturing SMS, SMSRanger and BloodOTPbot, but there may be many others.

It is not the first time we have seen criminals target Telegram. In April, Check Point Research reported on a remote access Trojan (RAT) called ToxicEye that uses Telegram's communications service to carry out infections.

We always recommend trusting only verified Telegram accounts, and if you have any questions, you can get in touch with our Technology group on the platform, where we will help you resolve them.