According to a report from security firm Zimperium, this campaign has been detected and tracked since February 2022. To date, at least 107,000 related malware samples have been identified.
This malware primarily targets Android devices, aiming to steal OTP codes—a type of one-time password commonly used for two-factor authentication during login or online transactions.
This attack campaign used over 2,600 Telegram bots to spread malware, controlled by 13 Command & Control (C&C) servers. Victims of this campaign spanned 113 countries, but were most concentrated in India, Russia, Brazil, Mexico, and the United States.
Android users face the risk of having their OTP codes stolen.
The malware is spread through two main methods. Victims may be tricked into visiting fake websites disguised as Google Play, or they may be lured into downloading pirated APK applications via Telegram bots. To download the application, users must provide their phone number, which the malware then uses to create a new APK file, allowing attackers to track their activity or carry out further attacks.
When users inadvertently grant SMS access to a malicious application, the malware can read SMS messages, including OTP codes sent to their phones. This not only allows attackers to steal sensitive information but also puts victims at risk of account misuse and even financial fraud.
Once an OTP code is stolen, attackers can easily access the victim's bank accounts, e-wallets, or other online services, causing serious financial consequences. Furthermore, some victims may unknowingly become involved in illegal activities.
Zimperium also discovered that this malware transmits stolen SMS messages to an API endpoint at 'fastsms.su', a website specializing in selling access to virtual phone numbers overseas. These phone numbers can be used to remain anonymous in online transactions, making tracing them more difficult.
To protect themselves from the risk of attack, Android users are advised to:
Do not download APK files from sources outside of Google Play: These files may contain malware that can easily steal your information.
Do not grant SMS access to applications from unknown sources: This will reduce the risk of malware being able to read your OTP messages.
Activate Play Protect: This is a Google Play security feature that scans and detects malicious apps on your device.
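The second recommendation above, not granting SMS access to apps from unknown sources, can be checked after the fact. The following Python script is an added defender-side example, not code from the article or from Zimperium: it parses the text that `adb shell dumpsys package <pkg>` prints for each installed package and flags any app that holds a granted READ_SMS or RECEIVE_SMS permission while its installer is not the Play Store (`com.android.vending`). The sample dumpsys text embedded below is constructed to resemble that format; field names like `installerPackageName` and the `granted=true` runtime-permission lines are real dumpsys conventions, but the exact layout varies by Android version, so the regular expressions are an assumption and should be adjusted against real output.

```python
"""Added example (not from the article): flag sideloaded Android apps that hold
granted SMS permissions, by parsing `adb shell dumpsys package` text output.
The sample input is CONSTRUCTED; the line format is an approximation of real
dumpsys output (assumption), so adapt the regexes to your device's output."""
import re

PLAY_STORE_INSTALLER = "com.android.vending"
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample: one Play-installed app with no SMS grant, and one
# sideloaded app (installer unknown) that was granted READ_SMS and RECEIVE_SMS.
SAMPLE_DUMPSYS = """\
Package [com.example.bank] (1a2b3c):
    userId=10101
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.INTERNET
    User 0: installed=true
      runtime permissions:
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
Package [com.fake.playstore] (4d5e6f):
    userId=10102
    installerPackageName=null
    requested permissions:
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
      android.permission.INTERNET
    User 0: installed=true
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"^Package \[([\w.]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def parse_dumpsys(text):
    """Return {package: {"installer": str | None, "granted": set(permissions)}}."""
    pkgs = {}
    current = None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            pkgs[current] = {"installer": None, "granted": set()}
            continue
        if current is None:
            continue
        m = INSTALLER_RE.match(line)
        if m:
            installer = m.group(1)
            # dumpsys prints "null" when the installer is unknown (sideload)
            pkgs[current]["installer"] = None if installer == "null" else installer
            continue
        m = GRANT_RE.match(line)
        if m and m.group(2) == "true":
            pkgs[current]["granted"].add(m.group(1))
    return pkgs


def find_sms_risks(text):
    """List (package, installer, sms_perms) for apps that were granted an SMS
    permission and were not installed by the Play Store."""
    risks = []
    for name, info in parse_dumpsys(text).items():
        sms = info["granted"] & SMS_PERMISSIONS
        if sms and info["installer"] != PLAY_STORE_INSTALLER:
            risks.append((name, info["installer"], sorted(sms)))
    return risks


if __name__ == "__main__":
    for name, installer, perms in find_sms_risks(SAMPLE_DUMPSYS):
        print(f"{name}: installer={installer}, SMS permissions granted={perms}")
```

On a real device you would feed the script the concatenated output of `adb shell dumpsys package` for each third-party package (`adb shell pm list packages -3`); any package the script reports is a candidate for revoking SMS access or uninstalling.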
Source: https://www.congluan.vn/nguoi-dung-co-nguy-co-bi-danh-cap-ma-otp-tren-dien-thoai-android-post306111.html