Cybercriminals are using bots purchased from Telegram to trick users into accessing their cryptocurrency accounts.
According to a report by cybersecurity firm Intel471, one-time password bots are “surprisingly easy to use” and relatively inexpensive to operate in terms of the amount that can be gained from a successful attack.
The Telegram bot, known as BloodOTPbot, requires a monthly fee of no more than $300 for hackers to gain access to. Scammers also have the option to spend an additional $20-100 on various phishing tools targeting individual social media accounts on Instagram, Facebook, Twitter, financial services such as PayPal and Venmo, and cryptocurrency platforms such as Coinbase.
OTP bots are highly virulent, as they are usually the last step in the hacking process after collecting all necessary personal information about the victim, known in hacker parlance as “fullz”. Hackers use an OTP bot to set up a supposedly official phone call while simultaneously requesting a binary authorization code (2FA) from the user’s crypto platform. When the usually bewildered user reveals the code, the hackers gain immediate and complete access to the victim’s account.
According to a CNBC report, Maryland obstetrician Dr. Anders Apgar was the victim of such an attack, with an “official phone call” along with a series of alerts on his phone telling him that his Coinbase account was “locked.” ” Risk. ”
Apgar found himself in a situation where his 2FA token was exposed over the phone and immediately after that, he found himself banned from his Coinbase account, which contains about $106,000 in Bitcoin (BTC).
These types of attacks by OTP bots are becoming more frequent and are causing great harm to both institutions and individual investors. Bots have a very high success rate when it comes to raising money.
About it: 4 Tips to Avoid Phishing Attacks
Coinbase customer support has been criticized in the past after angry users took the platform out due to the lack of response from hackers. In an effort to improve response times and relationships with customers, Coinbase has acquired an Indian startup and created a phone line specifically to handle account takeovers and related attacks.
A Coinbase spokesperson told CNBC, “Coinbase will never contact its customers uninvited, and we urge everyone to be careful when providing information over the phone. Your account information or security codes. Instead, hang up and call the official phone number listed on your organization’s website.” “