Although it is called the safest online messaging application, Telegram can still be infiltrated by dangerous Trojans. Researchers recently discovered a dangerous Trojan that has been infiltrating Telegram for a long time.
ToxicEye, a Trojan That Attacks Telegram
It was first reported by Omer Hofman, a security researcher at Check Point Research, who described a Trojan called ToxicEye RAT. He said a ToxicEye attack could hack remote control systems, steal data, and install ransomware. In the past three months, there have been more than 130 attacks.
According to ZDNet, the attack starts with the ToxicEye RAT operator creating a Telegram account and a bot. The bot is then used for a variety of functions, including reminders, searches, issuing commands, and launching polls.
This account gives them the opportunity to connect with other users on Telegram through conversations, add people to groups, or send requests by entering the bot’s Telegram username. In this case, the bot is embedded in the malware configuration to target the victim.
Next, they combine the bot token with the ToxicEye RAT and send it as an email attachment. When the user opens the email, they will be directed to the system connected to the hacker’s Telegram account and a link to a malicious channel that has been set up. ToxicEye RAT can scan for and steal credentials, computer OS data, browser history, clipboard content, and cookies, and it gives operators options to transfer and delete files, kill PC processes, and hijack management tasks.
This Trojan can also spread keyloggers and is able to infiltrate microphones and camera peripherals to record audio and video. Another feature is the ability to encrypt and decrypt victim files. If you suspect this Trojan, search for “C:\Users\ToxicEye\rat.exe”. This applies to both individual and corporate use.
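A triage check built on the two indicators described above, the bot token embedded in the malware configuration and the file path to search for, as an added example that is not code from Check Point or from the original article. It assumes the usual shape of a Telegram bot token (numeric bot id, a colon, a 35-character secret) and also looks for the Bot API host api.telegram.org; the function names and the sample bytes are constructed for illustration.

```python
import re

# Assumption: a Telegram bot token is a numeric bot id, ":", then a 35-char secret.
TOKEN_RE = re.compile(rb"(?<![0-9])[0-9]{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")
API_HOST = b"api.telegram.org"              # Telegram Bot API host
DROP_PATH = rb"c:\users\toxiceye\rat.exe"   # path named in the article, lower-cased


def _views(data: bytes):
    """Yield the raw bytes, then each UTF-16LE string run collapsed to ASCII."""
    yield data
    # Windows binaries often hold strings as UTF-16LE ("a\x00b\x00..."),
    # which a plain ASCII search over the file would miss.
    for run in re.findall(rb"(?:[\x20-\x7e]\x00){8,}", data):
        yield run[::2]


def triage(data: bytes) -> dict:
    """Report Telegram C2 indicators found in a suspicious file's bytes."""
    tokens, host, path = set(), False, False
    for view in _views(data):
        lowered = view.lower()
        host = host or API_HOST in lowered
        path = path or DROP_PATH in lowered
        for tok in TOKEN_RE.findall(view):
            # The token is a credential: keep the bot id, mask the secret.
            tokens.add(tok.split(b":")[0].decode() + ":<redacted>")
    return {"bot_tokens": sorted(tokens), "telegram_api": host, "drop_path": path}


# Constructed sample input (not a real token or a real malware sample).
SAMPLE_TOKEN = "123456789:" + "A" * 35
SAMPLE = (
    b"MZ\x90\x00"
    + f"https://api.telegram.org/bot{SAMPLE_TOKEN}/sendMessage".encode("utf-16-le")
    + b"\x00\x00"
    + rb"C:\Users\ToxicEye\rat.exe"
)
CLEAN = b"MZ\x90\x00 ordinary program with no Telegram strings"

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(CLEAN))
```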
Telegram has actually been abused for a long time. In 2017, the Masad malware was hacked, Check Point said. In fact, there is a lot of malware that uses Telegram for malicious activity.