Zimperium Inc. has issued a warning about a new malware called SMS Stealer, which poses significant threats to account security by intercepting onetime password (OTP) messages. The malware, identified in over 105,000 samples across more than 600 global brands, uses fake ads and Telegram bots to gain access to victims’ SMS messages. Once active, it transmits stolen OTPs and other sensitive information to command-and-control servers, enabling attackers to perform account takeovers, deploy ransomware, and facilitate significant financial theft. The incident underscores a critical vulnerability in current security frameworks and highlights the evolving sophistication of mobile threats.