LASER_oneXM

Level 37
Verified
Top poster
Well-known
Feb 4, 2016
2,555
The tokens can be used to shred second-stage account verification.

Telegram-powered bots are being utilized to steal the one-time passwords required in two-factor authentication (2FA) security.

On Wednesday, researchers from Intel 471 said that they have seen an "uptick" in the number of these services provided in the web's underground, and over the past few months, it appears the variety of 2FA circumvention solutions is expanding -- with bots becoming a firm favorite.

Two-factor authentication (2FA) can take the form of one-time password (OTP) tokens, codes, links, biometric markers, or by tapping a physical dongle to confirm an account owner's identity. Most often, 2FA tokens are sent through a text message to a handset or an email address.
 

LASER_oneXM

Intel471 says one new Telegram OTP bot called “SMSRanger” is popular because it’s remarkably easy to use, and probably because of the many testimonials posted by customers who seem happy with its frequent rate of success in extracting OTP tokens when the attacker already has the target’s “fullz,” personal information such as Social Security number and date of birth. From their analysis: ... ... ...


 