The tokens can be used to shred second-stage account verification.
Telegram-powered bots are being utilized to steal the one-time passwords required in two-factor authentication (2FA) security.
On Wednesday, researchers from Intel 471 said that they have seen an "uptick" in the number of these services provided in the web's underground, and over the past few months, it appears the variety of 2FA circumvention solutions is expanding -- with bots becoming a firm favorite.
Two-factor authentication (2FA) can take the form of one-time password (OTP) tokens, codes, links, biometric markers, or by tapping a physical dongle to confirm an account owner's identity. Most often, 2FA tokens are sent through a text message to a handset or an email address.