When we talk about online privacy and protection, the very first thing that comes in our mind is Two Factor Authentication (2FA). Surprisingly, cybercriminals are attempting to try new ways on how to bypass this protection so as to access the One Time Passwords (OTPs) of the users.
Bots these days are in news because of their involvement in cybercrime such as SIM swapping, phishing, and data breaches. The bots automatically call targets as a part of phishing scams and lure them to give up the OTP codes. This implies that the configuration of bots is not up to date and somewhere the hackers have been able to find out the loophole in the codes.
According to the reports of Cyware Social, there are two bots of concern, said by Intel 471 researchers. Those are BloodOTPbot and SMSRanger. The first one is an SMS enables bot and can be used to make automatic calls, making believe the user that the person calling them is a bank employee. A classic act of phishing. The second one is used to target specific apps and services such as Google Pay, PayPal, and Apple Pay.
There are other bots also which are on the radar such as dubbed SMS buster which require a little more effort to get it hacked. This bot is also used to mimic the attacker as a bank employee.
In a nutshell, apps such as Telegram should not be considered safe in the given environment where even Two Factor Authentication is not safe. Hackers are becoming very pro-active and are trying every other way to get access to information and using it for their advantage.