How RAT Malware Is Using Telegram to Evade Detection – Guide

Cybercriminals use malware to extract data that they can use to financially exploit their victims. This data can range from financial data to health records, emails and personal passwords – the possibilities of what kind of information could be compromised are endless. Digitization is increasing day by day, as are cyber attacks, scams and malware attacks. Although users take many security measures to protect themselves from these attacks, hackers find many ways to penetrate users’ devices.

Telegram users should be aware that malware is being spread through fake app installers, and that this malware can steal data and install other malicious files onto devices. In addition, ToxicEye is a type of malware that can be used to remotely control infected computers.

Malware chatting on Telegram

In early 2021, dozens of users left WhatsApp and switched to messaging apps that promised more data security after the company announced it would share users’ default metadata with Facebook. Many of these users turned to rival apps Telegram and Signal. By our count, Telegram was the most downloaded app in that period, with over 63 million installs. Telegram chats are not end-to-end encrypted like Signal chats, and now Telegram has another problem: malware.

Check Point discovered that a malware program called ToxicEye was using Telegram as its communication channel. The program allowed attackers to interact with their malware more easily than through web-based tools. Now, they can tamper with infected computers via a handy Telegram chatbot.

What is ToxicEye and how does it work?

ToxicEye is a type of malware that can give an attacker remote control over an infected computer. This means they can:

- Steal data from the host computer, typically by exploiting vulnerabilities in the system or by using a third-party tool to access sensitive data.

- Delete files or transfer them to a new location.

- Kill all the processes running on the infected computer.

- Hijack the computer’s microphone and camera without the user’s consent or knowledge, allowing audio and video to be recorded.

- Encrypt files on the infected machine in order to extort a ransom. The malware, which is currently being used in targeted attack campaigns, targets files that are typically stored on the desktop, such as photos, videos, and documents. Once encrypted, the files can only be accessed again if the user pays the ransom.

The ToxicEye RAT is delivered by a phishing email that installs the malware on the user’s device. The RAT can mimic legitimate files or be hidden inside them, often disguised as a document or embedded in a larger file. If you fall for the phishing lure, the malware installs on your device and allows the attacker to take control of it.

The infection chain

The attacker creates a Telegram account and sets up a Telegram “bot” to perform actions remotely through the app.

The bot’s token is embedded in the malicious source code. This token allows the bot to be used to carry out malicious actions.

The malicious code is then distributed via spam, often disguised as something legitimate that the user can click on.

Once the attachment is opened, the malware installs on the computer and sends information back to the attacker’s command center.
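Because the RAT’s traffic all goes to the public Bot API, a defender can look for it in outbound proxy logs. The following detector is an added example, not code from this article or from Check Point: it assumes a constructed log format of “timestamp host process URL”, the usual Telegram bot-token shape (numeric bot id, colon, 35 URL-safe characters) and an allowlist holding only the real desktop client, and flags any other process that both polls getUpdates and calls a send* method.

```python
"""Flag Telegram Bot API use that looks like RAT command-and-control in proxy logs.

A ToxicEye-style RAT carries a bot token and talks to api.telegram.org: it polls
getUpdates for operator commands and uses send* methods to return stolen data.
"""
import re
from collections import defaultdict

# Token shape is an assumption: numeric bot id, a colon, 35 URL-safe characters.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"/(?P<method>[A-Za-z]+)"
)
POLL_METHODS = {"getUpdates"}                                 # command pick-up
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}  # data return
ALLOWED_PROCESSES = {"telegram.exe"}  # assumption: only the real client may use Telegram

# Constructed sample log, one "<timestamp> <host> <process> <url>" record per line.
TOKEN = "1234567890:" + "A" * 35  # constructed placeholder, not a real token
SAMPLE_LOG = "\n".join([
    f"2021-04-20T10:00:01Z ws-17 winword.exe https://api.telegram.org/bot{TOKEN}/getUpdates",
    f"2021-04-20T10:00:03Z ws-17 winword.exe https://api.telegram.org/bot{TOKEN}/getUpdates",
    f"2021-04-20T10:00:05Z ws-17 winword.exe https://api.telegram.org/bot{TOKEN}/sendDocument",
    f"2021-04-20T10:01:00Z ws-02 telegram.exe https://api.telegram.org/bot{TOKEN}/getUpdates",
    "2021-04-20T10:02:00Z ws-09 chrome.exe https://example.com/index.html",
])


def find_bot_c2(log_text, allowed=ALLOWED_PROCESSES):
    """Return one finding per (host, process, bot id) for non-allowlisted processes
    that call the Bot API; the token secret is redacted so reports can be shared."""
    stats = defaultdict(lambda: {"poll": 0, "exfil": 0, "other": 0})
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed record, skip rather than crash
        _ts, host, proc, url = parts
        m = BOT_API_RE.search(url)
        if not m or proc.lower() in allowed:
            continue
        method = m["method"]
        bucket = "poll" if method in POLL_METHODS else "exfil" if method in EXFIL_METHODS else "other"
        stats[(host, proc, m["bot_id"])][bucket] += 1
    findings = []
    for (host, proc, bot_id), counts in stats.items():
        verdict = "likely C2" if counts["poll"] and counts["exfil"] else "review"
        findings.append({"host": host, "process": proc, "bot": f"{bot_id}:<redacted>",
                         **counts, "verdict": verdict})
    return findings
```

Extending the allowlist by signed binary rather than by process name is more robust, since a RAT can name its dropped file anything it likes.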

Final note

Telegram is a messaging app with over 200 million active users. It has also been used by terrorist groups to communicate and coordinate attacks.