OTP interception bot

September 29, 2021

The Rise of One-Time Password Interception Bots

This post was originally published on this siteIn February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets. An ad for the OTP interception service/bot “SMSRanger.” Many websites now require users to supply both a password and a numeric code/OTP token sent via text message, or one generated by mobile apps […]