According to TechRadar, new research by malware analyst Omer Hofman at Check Point Software Technologies suggests that Telegram may be a growing focus for the malicious activity of threat actors. After new policies and settings restricted WhatsApp use for some users, Telegram became more relevant than ever, and this rapid rise has attracted many malicious actors.
The cybercriminals in question are using Telegram as their command and control (C&C) system to distribute their attack tools. One threat Check Point Research (CPR) has seen increase recently is the ToxicEye remote access trojan, which appeared in more than 130 attacks in just 3 months.
ToxicEye was distributed via an .exe file contained inside phishing emails. It's an old tactic, but it works well enough to get ToxicEye onto people's computers. Once the trojan is installed, it can steal data, erase system processes, hijack the device's microphone and camera, and encrypt files to hold them for ransom.
The attackers manage the malware via Telegram, through which it communicates with their C&C server. This server is also where the stolen data is stored. Telegram is favored by hackers for a number of reasons: it is a legitimate service, easy to use and stable, and not blocked by enterprise antivirus tools or network management tools; the attackers can remain anonymous, as the registration process only requires a mobile phone number; and Telegram's unique communication features mean attackers can easily wipe data from a victim's PC or transfer new malicious files to infected machines.
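Because Telegram traffic is legitimate and usually not blocked, a defender's useful question is which processes on which hosts are generating it. The following Python example is added here and is not from the article or from Check Point: it scans proxy logs for Telegram connections from unsanctioned processes and marks those that poll at regular intervals. The log format, watched hostnames, allowlist, process names and thresholds are assumptions, and the sample log is constructed.

```python
import csv, io, statistics
from collections import defaultdict
from datetime import datetime

# Telegram hostnames to watch (assumption: the article names none).
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")
# Processes allowed to reach Telegram on this network (assumed policy).
SANCTIONED = {"telegram.exe"}

# Constructed proxy log: timestamp,host,process,destination
SAMPLE_LOG = """\
2021-04-22T09:00:00,WS-014,telegram.exe,api.telegram.org
2021-04-22T09:00:05,WS-022,invoice_scan.exe,api.telegram.org
2021-04-22T09:01:05,WS-022,invoice_scan.exe,api.telegram.org
2021-04-22T09:02:05,WS-022,invoice_scan.exe,api.telegram.org
2021-04-22T09:03:05,WS-022,invoice_scan.exe,api.telegram.org
2021-04-22T09:03:30,WS-031,chrome.exe,web.telegram.org
2021-04-22T09:04:00,WS-022,chrome.exe,example.com
"""

def is_telegram(domain):
    """Match a watched domain or any of its subdomains, not lookalikes."""
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def suspect_clients(log_text, sanctioned=SANCTIONED, min_hits=3, max_jitter=5.0):
    """Return one finding per unsanctioned (host, process) reaching Telegram."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, host, proc, dest = row
        if is_telegram(dest) and proc.lower() not in sanctioned:
            seen[(host, proc)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, proc), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Near-constant intervals suggest automated polling, not a person.
        beacon = (len(times) >= max(min_hits, 2)
                  and statistics.pstdev(gaps) <= max_jitter)
        findings.append({"host": host, "process": proc,
                         "hits": len(times), "beacon_like": beacon})
    return findings

if __name__ == "__main__":
    for finding in suspect_clients(SAMPLE_LOG):
        print(finding)
```

A single browser visit to Telegram's web client is still reported, but only the process polling on a fixed interval is marked `beacon_like`, which is the finding to triage first.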