Hackers Are Using Telegram to Spread Malware and Control the System

Check Point researchers identified more than 130 cyber attacks using a Remote Access Trojan called ToxicEye. This malware is managed by cybercriminals through Telegram messenger app.

As per Check Point Research, there is a new trend of attack among cybercriminals, where Telegram is used as a control-and-command system to spread malware even popular application is not installed or is not used, the system allows attackers to send malicious commands and operations remotely.

Check Point Research explained that they identified more than 130 cyber attacks that resorted to a Remote Access Trojan (RAT) called ToxicEye, communicating with their servers and sending all the data collected there.

ToxicEye is spread via phishing emails embedded with malicious .exe files. Once it open by victim, these files start installing the malware on the it's equipment and increase a series of operations that go undetected.

The Malware can execute the range of exploits without the victim’s knowledge:

• ·         Data theft
• ·         Delete or transfer files
• ·         Encrypt files for a ransom (Ransomware)
• ·         Remote control and I/O hijacking
• ·         Installation of a Keylogger
• ·         Hijack the computer's microphone and camera to record audio and video from the computer.

How This Attack Infection Chain Works -

The researcher mentioned “ The attacker first creates a Telegram account and a Telegram ‘bot.’ A Telegram bot account is a special remote account with which users can interact by Telegram chat or by adding them to Telegram groups, or by sending requests directly from the input field by typing the bot’s Telegram username and a query.”

Attacker embeds The Telegram bot into the ToxicEye RAT configuration file then compile into an executable file and this executable file (.exe) can be injected into a Word document also. When victim open this doc file or email , this .exe get installed into this computer and make the same infected. Now victim’s computer can be attacked via the Telegram bot and attackers control this system.

Cybercriminals find Telegram as an essential part of their attacks and it  allows attackers to remain anonymous as the registration process only requires a mobile number, The messaging app Telegram is not blocked by antivirus solutions or network security tools.

Attackers can easily extract data from users equipment or transfer new malicious files to infected devices. Hackers can use their mobile phone to access infected computers from any location in the world.

Identify if your system is compromised and tips to strengthen security

1. Search for RAT file - First of all you should search your computer for the file (rat.exe) in location (without quotes): “C: \ Users \ ToxicEye \ rat.exe if this file exists on your computer, you must immediately contact your helpdesk and delete this file.
2. Traffic Monitoring - You can monitor the traffic generated from your personal or organization's system to Telegram C&C accounts. If you see such traffic and Telegram is not installed as a business solution, this is an indication that system has been compromised.
3. Identify Phishing or Malicious Emails - It is very important to beware of any kind of attachments files that have usernames because malicious/spam emails often use the your username as the subject line or name of the file. These could be suspicious emails and you should not open these attachments,  delete the email immediately and not reply to the sender. If you receive an email from unlisted or undisclosed  sender it indicates that the email is malicious or phishing.
4. Anti-Phishing Software - In order to minimize the risks phishing attacks for an organization, it is AI-based anti-phishing software  that is able to identify and block malicious content from all communication services (i.e. emails )and platforms (i.e. computers, handheld devices)

5 Most Commonly Used Method To Hack And Preventive Measures

There are number of methods used by hackers to hack your Email/Social Network account and get your personal information. Today I will let you know 5 Most commonly used method to hack or crack your account password and preventive actions to avoid such attacks. This article will help to make your account safe.

1.      Brute Force Attack:

Brute Force attack or cracking is a hit and trial method to match all possible combinations of password. In Brute Force attack, that automated tool calculates every possible combination of numbers, letters and special characters that could make up a password and test that password whether it is the correct password or not. The cracking time is determined by the length and complexity of the password. This means short passwords can usually be cracked quite quickly.

Preventive Measures: Always use long and complex passwords using upper and lowercase letters along with numbers and special characters. Brute-force attack will take decades to crack long and complex passwords.

2.      Social Engineering

In Social engineering, hacker try to manipulate known person to gain trust and get information from them. Hacker can call his co-worker or friend and pretend to be from the IT department and ask for his login details. Nowadays hackers are calling the victims pretending to be from bank and ask for their credit/debit cards details. Many people fall into the trap and lose their money.

Preventive Measures: If someone tries to get your personal, bank details, any password or OTP, never ever give such details on phone or emails.

3.      Keyloggers:

Keylogger can be software and hardware both. Hacker install Keylogger software on victim’s computer by sending any malicious file. Most of the Keylogger work in stealth mode so you can not find them into installed programs. Hacker can monitor every keystore including passwords and control the computer remotely. Cyber Cafe’s operator connect keyboard in hardware Keylogger and collect all your information.

Preventive Measures: Never use cyber cafe or someone else computer to login on your bank account. If its important use on-screen or virtual keyboard while tying the login.  Never open any email attachment if it comes from unknown source or user.

4.      Phishing:

Phishing is the popular hacking method used by hackers to get someone login details. In Phishing attack hacker create fake page of any real website and send to victim. If receiver put his login detail on this fake page, this page sends all details to hacker. It’s very easy to create such kind of fake pages and host on servers.

Preventive Measures: Always make sure that websites url is correct. For example, URL of phishing page of ICICI might look like ICIICI.com (As you can see There are two "I").

5.      Guessing:

Guessing easily helps you to get someone password within seconds. In This method, if hacker knows you, he can try to guess your password by using your known information i.e. your name, surname, phone number or date of birth.

Preventive Measures: Never use your name, surname, phone number or date of birth as your password. Always use long and complex passwords using upper and lowercase letters along with numbers and special characters.