Thursday, April 22, 2021

Hackers Are Using Telegram to Spread Malware and Control the System

Check Point researchers identified more than 130 cyber attacks using a Remote Access Trojan called ToxicEye. This malware is managed by cybercriminals through the Telegram messenger app.

According to Check Point Research, there is a new trend among cybercriminals in which Telegram is used as a command-and-control system to spread malware. Even when the popular application is not installed or not in use, the system allows attackers to send malicious commands and operations remotely.

Check Point Research explained that they identified more than 130 cyber attacks that relied on a Remote Access Trojan (RAT) called ToxicEye, which communicates with the attackers' servers and sends all the collected data there.

ToxicEye is spread via phishing emails embedded with malicious .exe files. Once opened by the victim, these files install the malware on the victim's equipment and start a series of operations that go undetected.

The malware can execute a range of exploits without the victim’s knowledge:

  • Data theft
  • Delete or transfer files
  • Encrypt files for a ransom (ransomware)
  • Remote control and I/O hijacking
  • Installation of a keylogger
  • Hijack the computer's microphone and camera to record audio and video from the computer

How This Attack Infection Chain Works

The researcher mentioned: “The attacker first creates a Telegram account and a Telegram ‘bot.’ A Telegram bot account is a special remote account with which users can interact by Telegram chat or by adding them to Telegram groups, or by sending requests directly from the input field by typing the bot’s Telegram username and a query.”

The attacker embeds the Telegram bot into the ToxicEye RAT configuration file, which is then compiled into an executable file; this executable (.exe) can also be injected into a Word document. When the victim opens the document or email, the .exe is installed on the computer and infects it. The victim’s computer can now be attacked via the Telegram bot, and the attackers control the system.




Cybercriminals see Telegram as an essential part of their attacks: it allows attackers to remain anonymous, as the registration process only requires a mobile number, and the messaging app is not blocked by antivirus solutions or network security tools.

Attackers can easily extract data from users' equipment or transfer new malicious files to infected devices. Hackers can use their mobile phones to access infected computers from any location in the world.

Identify if your system is compromised and tips to strengthen security

  1. Search for RAT file - First, search your computer for the file rat.exe at the location C:\Users\ToxicEye\rat.exe. If this file exists on your computer, you must immediately contact your helpdesk and delete this file.
  2. Traffic Monitoring - You can monitor the traffic generated from your personal or organization's systems to Telegram C&C accounts. If you see such traffic and Telegram is not installed as a business solution, this is an indication that the system has been compromised.
  3. Identify Phishing or Malicious Emails - Beware of any attachment whose file name contains your username, because malicious/spam emails often use your username as the subject line or the name of the attached file. Treat such emails as suspicious: do not open the attachments, delete the email immediately, and do not reply to the sender. If you receive an email from an unlisted or undisclosed sender, it indicates that the email is malicious or phishing.
  4. Anti-Phishing Software - To minimize the risk of phishing attacks for an organization, use AI-based anti-phishing software that is able to identify and block malicious content from all communication services (i.e. emails) and platforms (i.e. computers, handheld devices).
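
Tips 1 and 2 can be combined into a single triage pass over endpoint network-connection logs. The following is an added example, not code from Check Point or from the original post; the CSV log layout, the host names and the approved-client list are assumptions, and the sample events are constructed.

```python
import csv
import io
import ntpath

# Telegram domains, matched exactly or as a parent domain (api.telegram.org is the Bot API).
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")
# File location given in the article as the ToxicEye indicator.
IOC_PATH = r"c:\users\toxiceye\rat.exe"
# Assumption: process images your organisation accepts as legitimate Telegram clients.
APPROVED_IMAGES = {"telegram.exe"}

# Constructed sample events (assumed layout): time, host, process image, destination, port.
SAMPLE_LOG = r"""
2021-04-22T09:58:11Z,WS-014,C:\Users\ToxicEye\rat.exe,api.telegram.org,443
2021-04-22T10:02:40Z,WS-021,C:\Users\bob\AppData\Roaming\Telegram Desktop\Telegram.exe,venus.web.telegram.org,443
2021-04-22T10:05:03Z,WS-033,C:\Users\amy\AppData\Local\Temp\invoice.exe,API.Telegram.org.,443
2021-04-22T10:06:19Z,WS-033,C:\Program Files\Mozilla Firefox\firefox.exe,nottelegram.org,443
2021-04-22T10:07:45Z,SRV-02,C:\Windows\System32\svchost.exe,update.example.com,443
"""

def is_telegram(host):
    """True for a Telegram domain or any subdomain of one, not look-alikes."""
    host = host.strip().lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def triage(log_text, telegram_allowed_hosts=frozenset()):
    """Return (severity, host, image, destination) findings for Telegram traffic."""
    findings = []
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 5:
            continue  # skip malformed lines rather than guessing at fields
        _, host, image, dest, _ = (f.strip() for f in row)
        if not is_telegram(dest):
            continue
        if image.lower() == IOC_PATH:
            severity = "critical"   # the article's file indicator talking to Telegram
        elif (ntpath.basename(image).lower() in APPROVED_IMAGES
              and host in telegram_allowed_hosts):
            continue                # sanctioned client on a sanctioned host
        else:
            severity = "high"       # Telegram traffic that nobody approved
        findings.append((severity, host, image, dest))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, telegram_allowed_hosts={"WS-021"}):
        print(*finding, sep=" | ")
```

With an empty allowlist, which matches the article's case where Telegram is not a business solution, every Telegram connection is reported, including the genuine desktop client.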
