Hackers Target WhatsApp (OTP) Code
Hackers have used a call forwarding trick to steal WhatsApp account credentials. In this latest scam, the technique allows the threat actors to infiltrate and take over a victim’s WhatsApp account, which grants access to the individual’s personal messages and contact list.
The hack relies mainly on the automated call forwarding service provided by mobile carriers. The other main component is WhatsApp’s one-time password (OTP) verification code. Because the platform offers to deliver the OTP through a voice call, dark web hackers can easily intercept the code and use it to access victims’ Android phones.
MMI Code Deception
Research analysts reported that the strategy is commonly used to hack WhatsApp accounts. The latest hacking incident was reported by Rahul Sasi, the founder and CEO of CloudSEK, a digital risk prevention company.
According to BleepingComputer, only highly experienced hackers are able to carry out this strategy successfully, as WhatsApp has several restrictions in place that only an experienced threat actor can bypass.
The research carried out by the security analysts shows that within a few short minutes a hacker can effortlessly take full control of a victim’s WhatsApp account. However, the dark web hacker must be good at social engineering, because the first step is to obtain the target’s contact information, in addition to engaging socially with the intended target.
Some social engineering strategies observed by the research team show that the criminal hacker will first persuade the victim to dial a number that begins with a Man Machine Interface (MMI) code. Once this is done, the victim’s cellphone carrier will enable call forwarding. Thus, via a separate MMI code, all inquiries are easily transmitted to the carrier’s terminal, even through a congested connection and oftentimes with no reception. A high success rate is accomplished, depending on the phone’s carrier.
Victims Tricked to Transfer Number
The codes begin with a star (*) or a hash (#) sign. These codes are very accessible to the hacking community, as they are widely supported by all the major US mobile network operators.
With the recently discovered WhatsApp hack, the victim will be contacted by the hacker, who will persuade them to dial *67 or 405. This will immediately log out the victim’s WhatsApp account, and give the criminal total access to the victim’s account.
According to the research, this 10-digit code belongs to the hacker. Once the MMI code is entered, it instructs the mobile carrier to redirect calls to the hacker’s supplied phone number if the victim’s line is busy.
After transferring communications to another number, the hacker begins the WhatsApp signup procedure using the OTP voice call option. Once the OTP code is secured, the hacker can register the victim’s account to their own device.
The threat actor can also implement the two-factor authentication (2FA) key. Once the hacker has completed all the outlined steps, the lawful owner is prevented from recovering or accessing the WhatsApp account.
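For defenders, the dial strings described above can be flagged in inbound messages or help-desk transcripts before a user acts on them. The following is an added example, not code from the article or from CloudSEK: it treats the two service codes named above as the watch list and assumes the 10-digit number follows the code directly; the function names and sample messages are constructed for illustration.

```python
import re

# Service codes named in the article; treating them as the full watch list is
# an assumption of this sketch. Extend it with codes your carrier documents.
FORWARDING_CODES = ("67", "405")

# Star/hash prefix, a service code, an optional '*' separator, then a 10-digit
# destination (spaces, dots or dashes allowed between digits). Requiring the
# destination avoids flagging a short star code mentioned on its own.
DIAL_RE = re.compile(
    r"(?<![\w*#])([*#]{1,2})(" + "|".join(FORWARDING_CODES) + r")\*?"
    r"((?:[ .\-]?\d){10})(?!\d)"
)

def find_forwarding_requests(text):
    """Return (service_code, destination_digits) for each suspicious dial string."""
    hits = []
    for match in DIAL_RE.finditer(text):
        destination = re.sub(r"\D", "", match.group(3))
        hits.append((match.group(2), destination))
    return hits

def triage(messages):
    """Map the index of each flagged message to the requests found in it."""
    flagged = {}
    for index, body in enumerate(messages):
        hits = find_forwarding_requests(body)
        if hits:
            flagged[index] = hits
    return flagged

# Constructed sample messages (not taken from any real incident).
SAMPLES = [
    "Please dial **67*5550100123# now.",
    "Call *405*555-010-0199 from the phone linked to your account.",
    "Your verification code is 674-055. Do not share it.",
    "Dial *67 before the number.",
]

if __name__ == "__main__":
    for index, hits in triage(SAMPLES).items():
        for code, destination in hits:
            print(f"message {index}: code {code} forwards to {destination}")
```

A hit is a prompt for review rather than proof of fraud, since the pattern is a heuristic built only from the details given in the article.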