Threat actors have made Telegram channels their favorite hangout. A new Remote Access Trojan (RAT) has recently appeared on the scene, spreading via Telegram.
What Transpired?
The trojan, called FatalRAT, is being propagated via Telegram media articles and software download links. These messages can only be sent by the channel’s administrators. Beyond achieving persistence, RATs of this kind are capable of evading detection, collecting system information, and exfiltrating data.
It Matters Because...
- The RAT can achieve persistence on the infected system either by creating a new service or by modifying an existing registry key.
- It steals confidential information over an encrypted C2 channel; the exfiltrated data includes the external IP address, user accounts, and other system information.
- The malware is capable of deleting user information from Firefox, Chrome, Edge, QQBrowser, 360Secure Browser, and SogouBrowser, among other web browsers.
Why Telegram?
In addition to FatalRAT, the XCSSET and Toxic Eye malware families have lately abused Telegram. The reason is Telegram’s status as a reputable and stable application that is not blocked by network management tools or antivirus software. Fraudsters are also attracted to the app because only a phone number is required for registration, which lets threat actors stay in the shadows.
Obfuscation, antivirus and anti-sandbox evasion, and encrypted communications are just a few of the malicious capabilities that make FatalRAT a considerable threat. As a result, our internal experts believe that this trojan and its numerous samples will continue to spread in the future. They advise end users to stay protected by adhering to good cybersecurity hygiene practices.
To read more, please check the eScan Blog.