The operators of ToxicEye, a newly observed Remote Access Trojan (RAT), are using the Telegram messaging service as the command-and-control (C2) channel for malware they deliver into targeted organizations. The malware is used to steal sensitive information from the infected systems.
Researchers at the security firm Check Point have identified more than 130 attacks in the past three months that use the multi-functional RAT they have dubbed ToxicEye, the latest in a line of malware strains that abuse Telegram. According to the researchers, the setup lets the threat actors send commands to infected machines through the messaging service even when Telegram is not installed or in use on the victim's computer.
The attack begins with the ToxicEye operators creating a Telegram bot. The bot's token is embedded in the RAT's configuration file, which is then compiled into the executable. That .EXE is embedded in a decoy Word document; when the document is opened, it drops and runs the Telegram RAT on the victim's machine.
Telegram bots are a legitimate feature used for many tasks, such as searches, reminders, and issuing commands. Here, however, the bot is embedded in the malware and serves as the operators' control channel: the RAT talks to the bot through Telegram's public API, which is why no Telegram client needs to be present on the victim machine.
Like a legitimate bot, the ToxicEye RAT offers many functions, but all of them serve the attacker. It can locate and steal credentials, clipboard contents, browser history, operating system data, and cookies. It also lets the operators upload and delete files, terminate processes, and take over the task manager.
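As an added example, not taken from the original report or from any Check Point tooling, the following Python script shows how a defender could hunt for the Bot API traffic pattern described above in web proxy logs: a host that repeatedly polls a Telegram bot for commands and pushes a document back is behaving like the RAT, whereas a host that merely visits Telegram's web client is not. The log lines, host names and bot tokens are constructed for illustration; the log line format, the minimum token length and the severity rules are assumptions of this example.

```python
import re
from collections import defaultdict

# Shape of a Telegram Bot API call: https://api.telegram.org/bot<id>:<secret>/<method>
# The "<numeric id>:<secret>" layout is Telegram's documented token format; requiring
# at least 30 secret characters is an assumption of this example to avoid false hits.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)

# Assumed proxy log layout: <timestamp> <client host> <verb> <url>
LOG_LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<verb>[A-Z]+)\s+(?P<url>\S+)$")

# Constructed sample log (hypothetical hosts, tokens and timestamps; not real data).
SAMPLE_PROXY_LOG = """\
2021-04-20T09:00:01Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAFakeTokenFakeTokenFakeTokenFakeTok1/getUpdates?offset=1
2021-04-20T09:00:04Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAFakeTokenFakeTokenFakeTokenFakeTok1/getUpdates?offset=1
2021-04-20T09:00:06Z ws-finance-07 POST https://api.telegram.org/bot123456789:AAFakeTokenFakeTokenFakeTokenFakeTok1/sendDocument
2021-04-20T09:00:07Z ws-finance-07 GET https://www.microsoft.com/
2021-04-20T09:00:10Z dev-bots-02 POST https://api.telegram.org/bot987654321:AAAnotherFakeTokenAnotherFakeTokenAb2/sendMessage
2021-04-20T09:00:12Z ws-hr-03 GET https://web.telegram.org/
"""


def find_bot_api_c2(log_text, allowlisted_hosts=frozenset()):
    """Collect, per non-allowlisted host, the bot tokens it used and how often it
    called each Bot API method. Only api.telegram.org/bot... URLs count; ordinary
    Telegram client or web traffic is ignored."""
    hits = {}
    for raw in log_text.splitlines():
        m = LOG_LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        host = m.group("host")
        api = BOT_API_RE.search(m.group("url"))
        if not api or host in allowlisted_hosts:
            continue
        entry = hits.setdefault(host, {"tokens": set(), "methods": defaultdict(int)})
        entry["tokens"].add(api.group("token"))   # token identifies the operator's bot
        entry["methods"][api.group("method")] += 1
    return hits


def triage(hits):
    """Rank hosts. Repeated getUpdates polling (command channel) combined with
    sendDocument (file exfiltration) from the same host is the RAT pattern;
    either alone is worth a look; anything else is low priority."""
    alerts = []
    for host, e in hits.items():
        polls = e["methods"].get("getUpdates", 0)
        exfil = e["methods"].get("sendDocument", 0)
        if polls >= 2 and exfil:
            severity = "high"
        elif polls or exfil:
            severity = "medium"
        else:
            severity = "low"
        alerts.append({
            "host": host,
            "severity": severity,
            "tokens": sorted(e["tokens"]),
            "methods": dict(e["methods"]),
        })
    order = ("high", "medium", "low")
    return sorted(alerts, key=lambda a: order.index(a["severity"]))


if __name__ == "__main__":
    # dev-bots-02 is a hypothetical host known to run legitimate bots, so it is allowlisted.
    for alert in triage(find_bot_api_c2(SAMPLE_PROXY_LOG, allowlisted_hosts={"dev-bots-02"})):
        print(alert)
```

The bot token extracted from the URL is itself a useful indicator: every infected host in the same campaign talks to the same bot, so the token lets you pivot across hosts in the logs. Keep the allowlist small and explicit; the Bot API is used legitimately only by machines that actually develop or run bots.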
This is not the first time the instant messaging app, which has over 500 million monthly active users, has been abused for malicious activity. In September 2019, information-stealing malware dubbed Masad Stealer was found exfiltrating data and cryptocurrency wallet contents from infected computers over Telegram.
The following year, Magecart groups adopted the same technique to send payment card details skimmed from compromised websites to the criminals. A few days before this report, hackers used Telegram to distribute cryptocurrency-stealing malware and netted more than $500,000 from the campaign.
To check whether you are already a victim, look for the file C:\Users\ToxicEye\rat.exe; if it exists, remove it and treat the machine as compromised. Bear in mind that this single path is only one indicator from the analysed samples and the operators can easily rename it, so also watch for outbound connections to Telegram's API (api.telegram.org) from machines on which Telegram is not installed or used, since that is the behaviour the RAT depends on.