July 31, 2024 at 06:09AM
A new malicious campaign has used over 107,000 unique samples of Android apps to steal SMS messages and intercept one-time passwords (OTPs). This large-scale operation has targeted users in 113 countries, with India and Russia topping the list. The malware remains hidden, continuously monitoring new incoming messages to obtain OTPs for fraudulent activities. Telegram has been increasingly abused by malicious actors for various purposes, including malware propagation and command and control (C2).
Key takeaways:
– A new malicious campaign has been observed, which utilizes malicious Android apps to steal users’ SMS messages for identity fraud.
– Over 107,000 unique samples of malicious apps have been identified, with over 99,000 previously unknown and unavailable in generally available repositories.
– These malicious apps are designed to intercept one-time passwords (OTPs) used for online account verification.
– Victims of the campaign have been detected in 113 countries, with India and Russia topping the list.
– The malware is distributed through deceptive ads mimicking Google Play Store app listings and 2,600 Telegram bots.
– The malware remains hidden, constantly monitoring new incoming SMS messages, with its primary target being OTPs used for online account verification.
– The threat actors accept various payment methods, including cryptocurrency, to fuel a service called Fast SMS, which allows customers to purchase access to virtual phone numbers.
– The findings highlight the continued abuse of Telegram by malicious actors for various purposes, including malware propagation.