Telegram: Hotseat for threat actors

Telegram is an application used worldwide for broadcasting messages to large groups of people. What happens if a Trojan is spread through Telegram? Recently, AT&T Alien Labs discovered a new Trojan named “FatalRAT”. It has entered the frame, and the malware is being spread through software downloads and article links. The Trojan is distributed via several Telegram channels in which only the administrators can send messages.

Telegram channels have become a hotbed for Trojans because Telegram is a genuine and stable app that is not blocked by any kind of firewall or antivirus program, and it also allows these threat actors to stay anonymous. Once a link is clicked, these Trojans will:

  • Establish their presence by creating a new service
  • Use an encrypted connection to steal private data

The RAT can gain administrative access, gain persistence, apply defense evasion techniques, and collect system data, including external IPs, addresses, usernames, and other information, which ironically can only be sent by admins. Besides this RAT, Telegram has also been a victim of ToxicEye and XCSSET before.

It is very important to follow proper cyber hygiene procedures, as it is the only way to block such malware. Do not click links from unknown sources, and keep your antivirus programs updated. Reach out to VAPT services to understand and eliminate any vulnerabilities before they get exploited.