Researchers have discovered a new way to steal bank card data of users using the popular Telegram messenger. As reported CyberNews analysts robot companion deceit compels the victim to pass information to him.
Experts believe that the robot, called the OTP Bot, has learned to receive one-time passwords from its victims, sent by banks and other services as one of the authentication steps, in a matter of minutes.
To do this, in a dialogue with the user, information from the databases merged into the darknet is used. The most popular method of deception used by hackers when using the OTP Bot is called "card binding". The bot is tasked with connecting the victim's bank card to the account of the mobile payment application. In this case, the victim's money is spent on buying gift cards in regular stores.
At the same time, scammers do not come into direct contact with the user. The victim is contacted by a bot, which forces an unsuspecting person to transmit a one-time password received from the bank.
The scheme follows the principles of telephone fraud in many ways, but now cybercriminals do not even need to spend time talking to the victim. It is noted that in addition to financial data, they can also steal passwords and login data for various services.
The bot itself is available to cybercriminals by subscription, which can be issued in one of the Telegram channels. Its audience in recent weeks has grown several times, exceeding the mark of six thousand people. CyberNews analysts note that the hacker tool rental model is becoming more and more popular.
