News Criminals use Telegram to control ToxicEye malware


Posted by Dorblue (joined 28.09.20)
The malware is capable of stealing data, transferring and deleting files, terminating processes, launching a keylogger, etc.
Attackers are increasingly using the Telegram messenger as a C&C server to distribute malware that steals confidential information. Experts from Check Point have recorded at least 130 attacks over the past three months that used Telegram to install a new multifunctional remote access Trojan, ToxicEye.

Telegram is not only left unblocked by corporate antivirus solutions, but also lets attackers remain anonymous. Registration requires only a mobile phone number, so infected devices can be accessed from almost anywhere in the world.

The ToxicEye malware, distributed through phishing emails, uses Telegram to communicate with the C&C server and download data. The malware is also capable of stealing data, transferring and deleting files, terminating processes, launching a keylogger, taking control of a computer's microphone and camera to record audio and video, and even encrypting files to demand a ransom.

The attack chain begins with the attacker creating a Telegram bot, which is then embedded in the RAT configuration file before it is compiled into an executable (for example, "PayPal verification tool saint.exe"). The EXE file is then embedded in a Microsoft Word document (solution.doc) which, when opened from an email, loads and runs the RAT.
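The post's point that Telegram-based C&C slips past corporate controls suggests a detection angle: the Bot API that a bot-driven RAT has to call sits at a fixed URL shape, https://api.telegram.org/bot<id>:<secret>/<method>, which is visible in web-proxy or TLS-SNI logs even when the payload itself is encrypted. The script below is an added example written for this page, not code from the post, from Check Point, or from any ToxicEye sample; the log format, hostnames and process names are constructed, and the bot ids and secrets in them are made up. It flags every Bot API request, keeps the bot secret out of the alert, and groups affected hosts by bot id, since several hosts talking to the same bot id most likely belong to one campaign.

```python
import re
from collections import defaultdict

# Constructed sample web-proxy log lines (not from the article or Check Point's report).
# Assumed format: timestamp source_host process method url
SAMPLE_LOG = """\
2021-04-22T09:14:02Z ws-017 chrome.exe GET https://web.telegram.org/
2021-04-22T09:14:05Z ws-017 saint.exe POST https://api.telegram.org/bot1234567890:AAFconstructed-token_value/getUpdates
2021-04-22T09:14:07Z ws-017 saint.exe POST https://api.telegram.org/bot1234567890:AAFconstructed-token_value/sendDocument
2021-04-22T09:15:11Z ws-042 outlook.exe GET https://outlook.office365.com/mail
2021-04-22T09:16:40Z ws-042 updater.exe POST https://api.telegram.org/bot1234567890:AAFconstructed-token_value/sendMessage
2021-04-22T09:17:03Z ws-091 helper.exe POST https://api.telegram.org/bot9876543210:AAEanother-constructed_token/getUpdates
"""

# Telegram Bot API requests have the shape https://api.telegram.org/bot<id>:<secret>/<method>
BOT_API_RE = re.compile(
    r"^https://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)


def parse_line(line):
    """Split one proxy log line into its five fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, host, process, verb, url = parts
    return {"ts": ts, "host": host, "process": process, "verb": verb, "url": url}


def find_bot_api_usage(log_text):
    """Return one finding per Bot API request; the bot secret is never copied into the finding."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        m = BOT_API_RE.match(rec["url"])
        if not m:
            continue
        findings.append({
            "ts": rec["ts"],
            "host": rec["host"],
            "process": rec["process"],
            "bot_id": m.group("bot_id"),   # numeric part only; the secret stays out of the alert
            "api_method": m.group("method"),
        })
    return findings


def hosts_per_bot(findings):
    """Group affected hosts by bot id: one bot id seen on several hosts points at one campaign."""
    groups = defaultdict(set)
    for f in findings:
        groups[f["bot_id"]].add(f["host"])
    return {bot: sorted(hosts) for bot, hosts in groups.items()}


if __name__ == "__main__":
    hits = find_bot_api_usage(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["host"]} {h["process"]} bot={h["bot_id"]} {h["api_method"]}')
    print(hosts_per_bot(hits))
```

The match is on the URL shape rather than on any process name, because the executable name in a phishing lure changes from campaign to campaign while the API endpoint does not. Before turning this into an alert, baseline the environment: legitimate internal automation that uses the Bot API would trip the same rule, so an allow-list of known bot ids (or an exception for the hosts that run them) belongs in front of it.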