Advanced Automated Social Engineering Bots: The High Tide of Social Engineering Bots and the Scammers Riding Them

mins read time
Advanced Automated Social Engineering Bots: The High Tide of Social Engineering Bots and the Scammers Riding Them
Published on
November 3, 2021
Blog Image

The COVID 19 outbreak has significantly changed the way we operate in our day-to-day lives. From the unprecedented shift to remote working, to the dependency on online outlets for the fulfillment of even our most basic needs, the internet has become both our boon and our bane. So, it should come as no surprise that the pandemic is marred with an uptick in sophisticated phishing email schemes by cybercriminals who are on a constant lookout for footholds to infiltrate a company or an organization.


Social Engineering – A manipulative bait or a good samaritan?

Social engineering is the formal name for the psychology of persuading and manipulating people into feeling a sense of urgency in taking a certain action. Think about advertisers convincing us to believe that a certain brand of jeans is cooler than the other. Or how massive public health campaigns remind you to get your shot. While this may seem like an innocent marketing trick or a simple awareness drive, in Cybersecurity, Social Engineering has a more sinister motive. Attackers often use all sorts of psychological tricks to lure their victims into opening dodgy emails, clicking suspicious links, handing over passwords, downloading sketchy attachments, and engaging in other unsafe behaviors that may ultimately lead to large scale ransomware attacks or data breaches.


Social engineering attacks are possibly one of the most dangerous forms of security and privacy attacks since they are technically oriented to psychological manipulation and have been growing in frequency with no end in sight. Recent reports have shown that 99% of cyber attacks use social engineering techniques to trick users into installing malware. So, it is important to educate yourself and your workforce on some key indicators of scams and frauds.


Sharing is not caring when it comes to cybersecurity

Social engineering has been one of the largest threats to an organization’s cybersecurity for some time. Scammers are becoming more clever and sophisticated in their attack methods. Several instances have occurred wherein people receive phone calls that appear to be from their bank. The caller sounds legitimate and provides a convincing reason for calling the customer. After comforting the victim with a false blanket of security, the victim is often tricked into giving away their personal and confidential data such as:

  • One-Time-Password (OTP)
  • Credit/ debit card number
  • The card’s CVV number (Card Verification Value – 3 to 4 digit number printed on the flip side of the card)
  • Expiry date
  • Secure password
  • Internet banking login ID and password and other personal information


With all such crucial information at hand, a fraudster can easily carry out illegal financial transactions using the victim’s name.


Automated cyber criminals

Manual fomite of such attacks is quite cumbersome since it requires a lot of human effort to collect the data, analyze, and convince the victim to share their OTP. But cybercriminals have chanced upon a lucrative solution to this problem. They have hopped upon advanced technology that scams using bots that are ultimately safe and steady for the attackers since there are no aftermath traces to be taken care of. This has understandably caused a surge in underground forums and markets with advertisements sales of  OTP/ SMS bots. We may call it an automated social engineering tool.


Bots are automated to do certain tasks and interactions, and can often run without human assistance. They take up a huge amount of the traffic on the internet, and there are both good and bad bots.

Picture depicting an Ai bot under creation
Picture depicting an Ai bot under creation


Good bots often crawl the internet to match our needs and requirements accordingly. Google bots, for instance, help catalog what’s online, so that our search results may be faster and more optimized. Chatbots on the other hand are a good substitute for customer services since they engage with the users to note and cater to them accordingly.


The bad or malevolent bots, on the other hand, can be programmed to break into users’ accounts and steal data, infect computers with dangerous viruses or malware, or perform incessant spamming which ultimately brings down the website. Cybercriminals use bad bots to take over a computer and link it to others to make a network of “zombie computers” called a botnet that can then launch large-scale cyber attacks, thereby blocking users from the internet altogether.


Analysis of forum advertisement

ASC (Asylum for real carders) is a China-based English cybercriminal forum that was launched in 2019. ASC initially started out as a small carding-based forum, but since 2021 has accumulated almost 16,116 members, a relatively large number for a platform that has been active. As a result, the site has more than 250 daily visitors and has 2022 threads. The most active section on ASC is the ‘Carding & Hacking’ Zone, which includes subforums relating to virtual carding, bank carding, cardable sites, hacking tools, payment systems, and tips for newbies on carding activity and methods. Some of the forum’s staff members appear to be particularly active in this section and have created a high proportion of its threads.


The forum added new sections such as VERIFIED MARKET and PREMIUM SECTION. Generally, such forums provide a black marketplace for cybercriminals to exchange malicious tools and services that facilitate all stages of cyber carding crime.

Bad bots – A wretched disguise 


A screenshot of the SMS Ranger bot on the forum 
A screenshot of the SMS Ranger bot on the forum


SMS Ranger is an OTP & SMS capture bot that is capable of getting OTP & SMS codes from victims by impersonating a company or bank. These bots help to get OTP for logins, banks, credit cards, Apple Pay, and more. Traditional methods like SIM swapping for OTP codes are not required. These bots can capture any OTP/ 2FA codes as well as personal info. The service cost is based on the country and monthly subscription as mentioned in the platform:

  • 1 month: USD 600
  • 2 months: USD 1100
  • 5 months: USD 2400
  • Lifetime: USD 4000

The package includes unlimited calls to the US, Canada, or the UK. For all other countries, the service is available for USD 300.


The key features of this service are:

  • Multiple modes to choose from (OTP for logins/ banks /credit cards/ Apple Pay, etc.)
  • Unique text-to-speech each call (Male/Female voice)
  • Multiple languages supported (English/French etc)
  • Multiple countries supported (US / CA/ UK/ AUS/ FR/ RU/ IND)
  • Constant updates every week


Screenshots of the SMS Ranger bot service on telegram 
Screenshots of the SMS Ranger bot service on Telegram


Users usually have to create an account and sign up or contact the service provider via Telegram to avail the bot service through these websites. Scammers generally collect personal information on the dark web or even on social media to sabotage even the most vigilant of people. On the other hand, card leaks from carding shops and data breaches give social engineers more personal information to exploit in a social engineering attack, thereby substantially catalyzing their chances of targeting individuals and committing fraud in the digital age.

Technical analysis

This fraudulent scam involves simple steps:


  • The services, promoted on Telegram, appear to make it remarkably simple for the end-user to scam unsuspecting victims by providing quite menial information via a Telegram chat window to the service.


Screenshot of the steps involved in attacking via SMS Ranger
Screenshot of the steps involved in attacking via SMS Ranger


  • The bot itself is being sold on a Telegram chat room that currently boasts more than 2000 members, getting its creators massive profits from selling monthly subscriptions to cybercrooks.


Screenshots of the sale of SMS Ranger on a telegram channel
Screenshots of the sale of SMS Ranger on a Telegram channel


  • Initially, the bot conversation starts with service renewal by the users and provides the option to select the language and voice. The bot offers variety modes of features which include:
    • Bank OTP mode (select any bank worldwide)
    • Apple/ Google Pay code mode
    • PayPal login mode
    • Account mode (to login to 2FA accounts)
    • Email mode (bypass email security)
    • Carrier mode (capture codes for sim-swapping)
    • Bankmore mode (enhanced banking mode)
    • Credential mode (capture DOB/MMN/ and much more)


This bot also has a new feature of asking users the number of digits present in the OTP. This in turn helps to avoid the victim from inputting a wrong OTP or none at all.


Screenshots of SMS Ranger chats
Screenshots of SMS Ranger chats


Contributors to this Article
Author Image
Related Posts
Blog Image
September 8, 2023

Understanding Knight Ransomware: Advisory, Analysis

Cyclops, now renamed as Knight also known as Cyclops 2.0, debuted in May 2023. The Cyclops group has successfully developed ransomware that can infect all three major platforms: Windows, Linux, macOS, ESXi and Android.

Blog Image
July 28, 2023

Amadey Equipped with AV Disabler drops Redline Stealer

Our researchers have found out The Amadey botnet is now using a new Healer AV disabler to disable Microsoft Defender and infect target systems with Redline stealer.

Blog Image
July 11, 2023

Breaking into the Bandit Stealer Malware Infrastructure

CloudSEK's threat researchers discovered a new Bandit Stealer malware web panel on 06 July 2023, with at least 14 active instances.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.