Security experts have just discovered a malicious campaign stealing OTP codes on Android devices globally, by infecting devices with malware through thousands of Telegram bots.
Researchers at the security firm Zimperium discovered this malicious campaign and have been monitoring it since February 2022. They report finding at least 107,000 different malware samples related to the campaign.
The malware tracked messages containing OTP codes for over 600 global brands, some with hundreds of millions of users. The hackers' motive was financial.
Figure: Telegram bots ask users to provide their phone numbers before sending the APK files.
According to Zimperium, the SMS stealer malware is spread through malicious advertisements or through Telegram bots that communicate with victims automatically. The attackers use two scenarios.
In the first, the victim is tricked into visiting fake Google Play pages. In the second, a Telegram bot promises users pirated Android apps, but first they must provide their phone number to receive the APK file. The bot uses that phone number to generate a new APK file, which allows the attackers to track or target the victim in the future.
Zimperium reported that the malicious campaign used 2,600 Telegram bots to promote various Android APKs, controlled by 13 Command & Control servers. Victims spanned 113 countries, but the majority were from India and Russia. The US, Brazil, and Mexico also had significant numbers of victims. These figures paint a worrying picture of the large-scale and highly sophisticated operation behind the campaign.
Experts discovered malware that transmits captured SMS messages to an API endpoint on the website 'fastsms.su'. This website sells access to virtual phone numbers abroad, which can then be used for anonymity and authentication on online platforms and services. It is highly likely that infected devices were exploited without the victims' knowledge.
Furthermore, by granting SMS access, victims allow the malware to read their SMS messages and steal sensitive information, including the OTP codes used during account registration and two-factor authentication. As a result, victims may see their phone bills skyrocket or inadvertently become involved in illegal activities, with their devices and phone numbers being traced.
To avoid falling victim to malicious actors, Android users should not download APK files from outside of Google Play, should not grant access permissions to unrelated applications, and should ensure Play Protect is enabled on their devices.
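An added, defender-side illustration of the last two recommendations (not code from Zimperium or the source article): it parses constructed samples of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>` output to flag third-party apps that were not installed from Google Play yet hold a granted SMS permission. The package names and dumpsys excerpts are invented, and the output formats are assumed to match current Android builds.

```python
import re
# Constructed sample of `adb shell pm list packages -3 -i` output; package names
# and installers are invented for this example, not taken from the campaign.
PKG_LISTING = """\
package:com.example.bank  installer=com.android.vending
package:com.example.cracked.game  installer=null
package:com.example.sync  installer=com.android.packageinstaller
"""
# Constructed excerpts of the runtime-permission lines printed by
# `adb shell dumpsys package <pkg>` for the packages above.
DUMPSYS = {
    "com.example.bank": "android.permission.INTERNET: granted=true\n",
    "com.example.cracked.game": (
        "android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]\n"
        "android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n"
    ),
    "com.example.sync": "android.permission.READ_SMS: granted=false, flags=[ USER_SET ]\n",
}
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
PERM_RE = re.compile(r"^(android\.permission\.\S+): granted=(true|false)")

def parse_installers(listing):
    """Map package name -> installer package; None when sideloaded (installer=null)."""
    result = {}
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result

def granted_sms_perms(dump):
    """Return the SMS permissions that are actually granted in a dumpsys excerpt."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m and m.group(1) in SMS_PERMS and m.group(2) == "true":
            perms.add(m.group(1))
    return sorted(perms)

def flag_sideloaded_sms_readers(listing, dumps):
    """Third-party apps not installed from Play that can read or receive SMS."""
    flagged = []
    for pkg, installer in sorted(parse_installers(listing).items()):
        perms = granted_sms_perms(dumps.get(pkg, ""))
        if installer != PLAY_STORE and perms:  # Play-installed apps are not flagged
            flagged.append((pkg, installer, perms))
    return flagged
```

On a real device, feed the script the live output of the two adb commands; any flagged entry is a sideloaded app that can intercept OTP messages and deserves review.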
Source: https://baoquocte.vn/canh-bao-chieu-tro-danh-cap-ma-otp-tren-thiet-bi-android-280849.html