Date: 2021-09-30

Whenever we talk about privacy and security, two-factor authentication (2FA) and one-time password (OTP) codes come up as good safeguards. The truth is that they are better than nothing, considering that attackers are always finding new ways to circumvent security mechanisms. In that sense, the cyber intelligence firm Intel 471 has revealed the existence of Telegram bots dedicated to stealing OTP codes and circumventing 2FA.

The bots discovered are called SMSRanger and BloodOTPbot and are a new threat that we must be very vigilant about.

Telegram bots that steal keys and circumvent 2FA authentication

To understand this issue, we need a general idea of what two-step authentication is, since you may already use it on your accounts. It is a mechanism that validates the user's identity by requesting a piece of data that the user must supply and that becomes the real access key. This is what is called an OTP or One-Time Password, that is, a single-use code. What has happened is that Telegram bots capable of intercepting these codes have been programmed.

Intel 471 researchers have noticed a spike in advertisements for services capable of bypassing 2FA. These advertisements are posted in forums and Telegram groups, which today represent one more layer of the web. It should also be noted that these bots are used in fake user support groups, where users end up sharing data that is then exploited by criminals.

As for the functions these bots offer, SMSRanger is one example. It is one of the Telegram bots capable of stealing OTP codes, and the worst part is that it targets several different services: it is advertised as working against PayPal, Apple Pay and Google Pay.

Although bots perform many useful tasks, they can also be used for this type of purpose. Avoiding becoming a victim of mechanisms such as those mentioned begins with paying close attention to the bots we start on our computer and the groups we join. Since they usually rely on phishing techniques, it is necessary to distinguish legitimate groups from fake ones.