A widespread SMS-stealing campaign has compromised Android devices in 113 countries, utilizing over 2,600 automated Telegram bots to distribute malware that intercepts one-time passwords (OTPs) for more than 600 services. Researchers at Zimperium have been monitoring this operation since February 2022, identifying more than 107,000 distinct malware samples. The campaign primarily targets users in India and Russia, but significant infections have also been reported in Brazil, Mexico, and the United States. Cybercriminals lure victims through malvertising and illegitimate Telegram bots that offer pirated apps, requiring users to share their phone numbers which are then exploited for tracking. The malware gains access to SMS permissions to capture OTPs, which are then sent to a specific API endpoint at 'fastsms.su,' a site that provides access to virtual phone numbers for anonymization. Users are advised to avoid downloading APK files from outside official stores and to be cautious about granting unnecessary permissions to apps.