Why is a TG bot that allows you to change the Caller-ID dangerous?

Today, news broke into the media about a Telegram bot for phone calls with the function of substituting a return number. On Habré, too, has already appeared . Well, since I am Alexey Drozd, I thought that you might be interested in learning a few details about the bot's functionality and about the threats it carries.





An old song in a new way

From a technical point of view, the attack is nothing new. The novelty is rather from the functional side. The appearance of such a bot lowers the entry threshold for scammers to zero. If earlier you had to move your brain a little in order to read the instructions for setting up a virtual PBX, now you just need to move your finger. Everything is intuitive.





Reducing the cost of attacks, as well as lowering the entry threshold, contributes to the growth of popularity. The first association that came to mind was @LukaSafonov's old post about leaked Citadel sources . Demand generates not only supply, but also service. So the TG bot also has the opportunity to smoke manuals, write to the support and see various reports of its activities. In the best traditions, an affiliate program with referrals is screwed on.





, - . .





?

, . , . , .





- ? . , , pitch. , .





?

, , . 2 : -- + . 1 . 2, , .





. " ", . , . , , , . . " ". , . , .





"" . , , , . It's a trap! .





P.S. , , . , , , . @iiwabor. . . , , "" , , " " . , . , \ \\.








All Articles