Cybercriminals are using the Telegram API as a communication channel to their C2. Because Telegram is a legitimate, stable service whose traffic antimalware engines and network tools do not flag as malicious, its infrastructure lets attackers carry out their malicious activities with ToxicEye RAT while maintaining their anonymity.

Check Point published an extensive blog post about the new RAT. Its researchers stated that around 130 attacks executed with the new Trojan have been detected in the wild over the past three months. Perhaps part of the reason that the bad actors who operate the ToxicEye RAT have resorted to abusing Telegram on all platforms is Telegram's recent surge in popularity. That increase in users was largely due to some of the changes made to the way WhatsApp shares information with its parent company, Facebook.

ToxicEye abuses the Telegram platform to provide command and control functionality for the malware. Check Point pointed out a few factors that make Telegram particularly attractive to bad actors, including the fact that an account only requires a mobile phone number, as well as the fact that the way Telegram communicates may allow hackers to exfiltrate information from their victims with relative ease.

The new RAT spreads using the usual method: malicious phishing emails that have an executable file attached, which is why it is important not to trust the suspicious emails you receive. Once the victim opens the executable, ToxicEye RAT is deployed and can perform a surprisingly versatile range of malicious tasks. Those tasks include data extraction, file manipulation, manipulation of running processes on the victim's system, recording audio and video when the hardware is available, and even file encryption.

The best way to avoid this threat, as we saw above, is to exercise a little discretion and keep a cool head so that we are not so easily fooled by these cybercriminals, since this type of threat always requires user interaction.
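Since the C2 channel rides on a legitimate service, a reputation block will not catch it; what a defender can check is which process on which host talks to Telegram's Bot API endpoint. The sketch below is an added example, not code from Check Point or from this post. It assumes endpoint telemetry that records the process image and destination hostname, and that bot traffic goes to `api.telegram.org`; the log lines, host names and allowlist entry are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of endpoint network-connection telemetry (not real data).
SAMPLE_EVENTS = r"""time,host,image,dest_host
2021-04-20T09:00:02Z,WS-014,C:\Program Files\Mozilla Firefox\firefox.exe,web.telegram.org
2021-04-20T09:01:10Z,WS-022,C:\Users\alice\AppData\Local\Temp\invoice.exe,api.telegram.org
2021-04-20T09:01:40Z,WS-022,C:\Users\alice\AppData\Local\Temp\invoice.exe,API.Telegram.org.
2021-04-20T09:02:10Z,WS-022,C:\Users\alice\AppData\Local\Temp\invoice.exe,api.telegram.org
2021-04-20T09:05:00Z,SRV-OPS,C:\ops\alertbot\alertbot.exe,api.telegram.org
2021-04-20T09:06:00Z,WS-031,C:\Windows\System32\svchost.exe,update.example.com
"""

# Assumption: the HTTPS endpoint Telegram bots use to send and receive messages.
BOT_API_HOST = "api.telegram.org"

# Hypothetical allowlist: (host, lower-cased image path) pairs that are
# sanctioned to run a Telegram bot, e.g. an operations alerting service.
APPROVED = {("SRV-OPS", r"c:\ops\alertbot\alertbot.exe")}


def normalize_host(name):
    """Lower-case a hostname and drop the trailing root dot so variants match."""
    return name.strip().lower().rstrip(".")


def find_bot_api_clients(log_text, approved=APPROVED):
    """Return one finding per unapproved (host, process) contacting the Bot API."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if normalize_host(row["dest_host"]) != BOT_API_HOST:
            continue  # other Telegram hosts (web client, etc.) are out of scope
        key = (row["host"], row["image"].lower())
        if key in approved:
            continue
        hits[key].append(row["time"])
    return [
        {"host": host, "image": image, "count": len(times),
         "first": min(times), "last": max(times)}
        for (host, image), times in sorted(hits.items())
    ]


if __name__ == "__main__":
    for finding in find_bot_api_clients(SAMPLE_EVENTS):
        print(finding)
```

A finding is a lead for triage rather than a verdict: the useful context is where the binary sits on disk and whether that host has any business reason to run a Telegram bot.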
