Cybercriminals are using tools they can already access, such as Telegram chat app, to enhance their efforts. In the hands of the wrong people, they can make cyberattacks easier and faster.
Researchers with security firm Intel 471 issued a report detailing how criminal hackers are using an automated bot script to call random phone numbers and pretend to be PayPal or other popular financial apps in order to take advantage of people who are not paying attention. The script, which they call SMSRanger, attacks users by yelling at them to “update your anti-virus program immediately” if they fail to pick up the automated call.
A hacker group has been able to target users of Telegram’s instant messaging service, and work their way into the accounts of unsuspecting people by discovering and targeting their ” trusted ” contacts. Successful bypasses can lead to hacks and financial exploitation.
Intel 471 recently released a report stating that the security platform has seen attackers targeting victims using services that impersonate financial institutions or call centers in an attempt to steal valuable information including login codes.
“Some companies also target other popular social media platforms or financial services to acquire sensitive information. For example, one fake trading application was designed to steal login credentials for hotmail, Facebook, Netflix and Citibank.”
Lately, a lot of cybersecurity companies have been introducing tools that can create text messages to spread malware. “These tools make this all too easy,” the researchers tell us. They go on to say that their system is different from others because it’s easier for less experienced criminals as there are automated features as well as commands that criminalizes any message making their job much quicker and easier.
What sets SMSRanger apart from other tools, according to the researchers, is its super simple use that requires only a basic understanding
A new type of phishing attack that can be carried out by smart bots is being reported on. After scanning through multiple emails, it’s possible for a bot to make up its own approaches to direct phishing attacks towards certain accounts, granting unintended access to the accounts once texted or called.
“Users claim that SMSRanger has an efficacy rate of about 80% if the victim answered the call and the full information (fullz) was accurate and updated.”
With the introduction of these easy to use messaging apps, there is concern that more criminals will be able to commit more crimes in the cyber-realm. The fear is that with this expanded user base many scams will occur and there would be further loss for both individuals and businesses.
“While there’s some programming ability required to create chatbots, a bot user only needs to spend money to obtain a phone number for a target then click buttons that are presented within the platform used.”