When the bot places the automated call and asks the victim to enter a code they just received, the hacker will simultaneously trigger a legitimate code to be sent from the targeted platform to the victim’s phone. They may do this by entering the victim’s username and password on the site so the victim receives a login or authorization code. Although the script in the call may tell the victim that the code is for one purpose—perhaps blocking a cash transfer or protecting their account from unauthorized entry—in reality the hacker is using the code to enter the account themselves.
The bot then takes the victim’s inputted code, feeds it back to the bot’s interface, and the hacker can then use the code to login.
Cox, J. (2021, November 2). The booming underground market for bots that steal your 2FA codes. Vice. https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo