Police arrests distributor of JokerOTP password-stealing bot

The Dutch National Police arrested a 21-year-old man from Dordrecht as part of a cybercrime investigation by Team Cybercrime Oost-Brabant. The suspect is believed to have distributed a tool known as JokerOTP, a bot used to intercept one-time passwords (OTPs) used to secure online accounts and financial transactions.

Police suspect the Dordrecht resident of selling the bot through a Telegram account and of holding license keys associated with it.

This marks the third arrest in the investigation. Police arrested the developer and a co-developer of JokerOTP in April and August 2025.

“Victims were automatically called by the bot, informing them that criminals were trying to access their accounts. The bot then asked them to enter their one-time password. Victims think they’re protecting themselves by providing information,” said Anouk Bonekamp, ​​Cybercrime Team Leader.

“This plays on feelings of uncertainty and fear, while a one-time password is intended to prevent malicious actors from logging into your account. Using the bot, 2FA can be bypassed, allowing the cybercriminal to access victims’ accounts and commit fraud.”

Police say the investigation is still underway and that dozens of JokerOTP bot buyers in the Netherlands have already been identified and are expected to be prosecuted in due time.