Security Experts Warn Against New Malicious Campaign Targeting Android Devices Through Telegram Bots

Security researchers are raising the alarm over a malicious campaign that is targeting Android devices.

The latest alert concerns a campaign in which a large number of Telegram bots was used to infect users' devices with SMS-stealing malware. The malware intercepts the one-time passwords (OTPs) used for two-factor authentication (2FA) at more than 600 services.

Researchers at Zimperium uncovered the operation, which they have tracked since February 2022, and report finding close to 107,000 malware samples linked to the campaign.

The operators are financially motivated: the infected devices are used as an authentication relay, so that OTPs delivered to victims' phones can be consumed elsewhere.

The SMS stealers are distributed either through malicious ads or through Telegram bots that hold automated conversations with victims. In the first case, victims are lured to pages that imitate Google Play and display inflated download counts to make the app appear legitimate and trustworthy.

On Telegram, the bots promise users pirated Android apps and ask for personal details, including a phone number, before sharing the APK file.

The bots use the supplied phone number to generate a fresh APK for each victim, which allows the operators to track each infected device individually over time.

The operation uses about 2,600 Telegram bots to distribute the malicious Android APKs, which report to 13 command-and-control servers.

Most victims are in Russia and India; other affected countries include the US, Mexico, and Brazil.

Zimperium also describes how the malware transmits captured text messages to API endpoints, one of which belongs to a website where visitors can buy access to virtual phone numbers in various countries. Such numbers are used for anonymization and for authenticating to online apps and services.

The researchers consider it likely that the infected devices are being rented out through that service without their owners' knowledge. Once the app is granted permission to access Android SMS, the malware can read the OTPs that arrive for online registrations and 2FA and forward them on.
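An app cannot intercept OTPs without declaring the SMS permissions and registering a broadcast receiver for incoming messages, so the manifest is a useful first triage point when assessing an APK obtained from a channel like the Telegram bots above. The script below is an added example, not code from the article or from Zimperium: it scans a decoded AndroidManifest.xml for the combination an SMS stealer needs (RECEIVE_SMS or READ_SMS, INTERNET for exfiltration, and a receiver on the SMS_RECEIVED action). The two manifests embedded in it are constructed for illustration; a real APK carries the manifest as binary XML, which must first be decoded with a tool such as apktool or androguard.

```python
"""Heuristic triage of a decoded AndroidManifest.xml for SMS-stealer indicators.

Added example, not the article's or Zimperium's code. Both manifests below are
constructed samples, not taken from any real app.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample shaped like a "pirated app" dropper that intercepts SMS.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Free Game">
    <receiver android:name=".SmsHook" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample of an ordinary networked app with no SMS access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>
"""


def attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def analyze_manifest(xml_text):
    """Return the SMS-related indicators found in one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {attr(p, "name") for p in root.iter("uses-permission")}
    sms_perms = perms & SMS_PERMS
    has_internet = "android.permission.INTERNET" in perms

    # Collect receivers listening for incoming SMS; a high priority lets the
    # receiver see the message before the default messaging app does.
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {attr(a, "name") for a in flt.iter("action")}
            if SMS_RECEIVED_ACTION in actions:
                prio = attr(flt, "priority")
                sms_receivers.append({
                    "name": attr(receiver, "name"),
                    "priority": int(prio) if prio is not None else 0,
                })

    # Interception plus network egress is what an OTP stealer needs. A real
    # messaging app declares the same things, so treat this as a triage
    # signal that warrants dynamic analysis, not as proof of malice.
    suspicious = bool(sms_perms) and has_internet and bool(sms_receivers)
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(sms_perms),
        "internet": has_internet,
        "sms_receivers": sms_receivers,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        report = analyze_manifest(manifest)
        print(f"{report['package']}: suspicious={report['suspicious']}")
        for receiver in report["sms_receivers"]:
            print(f"  SMS receiver {receiver['name']} priority={receiver['priority']}")
```

The check deliberately requires all three indicators together, since INTERNET alone is near-universal and SMS permissions alone are legitimate for messaging apps; the receiver priority is reported because stealers commonly set it high to read the OTP before the user sees it.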

Victims may face unauthorized charges on their mobile accounts, and because their devices and numbers are used for the fraud, any illegal activity can be traced back to them.


Image: DIW-Aigen
