Cybercriminals use robots bought at Telegram to trick users into giving them access to their crypto accounts.
According to a report from cybersecurity company Intel471, One Time Password (OTP) robots are “remarkably easy to use” and are relatively inexpensive to operate in relation to the amount that can be earned from a successful attack.
A telegram robot known as ‘BloodOTPbot’ pays a monthly fee of just $ 300 to hackers to access. Scammers also have the option to spend an additional $ 20 to $ 100 for additional phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services like Paypal and Venmo, and crypto platforms like Coinbase.
OTP bots are especially bad because they are generally the final step in the hacking process, after all the necessary personal information has been collected about the victim, known in hacker parlance as “the fullz”. Hackers use the OTP robot to stage a seemingly official phone call, at the same time prompting the 2FA code from the user’s crypto platform. Once the typically confused user reveals the code, hackers gain immediate and full access to the victims account.
According to a report CNBC’s Maryland-based obstetrician Dr Anders Agpar was the victim of such an attack in which an “official audio call” along with a series of standard notifications on his phone informed him that his Coinbase account “is in danger”
Dr. Agpar ended up in a situation where his two-factor authentication (2FA) code was revealed by phone and he immediately found himself locked out of his own Coinbase account which held approximately $ 106,000 in Bitcoin (BTC).
These types of attacks by OTP boots are increasing in frequency and are causing great losses to both institutions and individual retail investors. The robots have an extremely high success rate in extracting funds.
Related: 4 tips to prevent phishing attacks
Customer service at Coinbase has been the subject of criticism in the past after angry users slammed the platform for lack of accountability in dealing with hackers. In an attempt to improve response times and customer relationships, Coinbase got an Indian AI start and created a phone line specifically to deal with account takeovers and related attacks.
A Coinbase spokesman told CNBC, “Coinbase will never make unsolicited calls to its customers, and we urge everyone to be careful when delivering information over the phone. or security codes. Instead, stop and recall them at the official phone number listed on the organization’s website. ”