Telegram channels have become a hotbed of threats. A Remote Access Trojan (RAT) has recently joined the scene, spreading via Telegram channels.
FatalRAT is being spread via Telegram articles and software download links. Administrators of the channels have access to send these messages. This type of malware is capable of acquiring persistence, resisting detection, gathering system information, and exfiltrating data, among other capabilities.
Why does it matter?
- The RAT can either create a new service or alter an existing registry entry to ensure persistence.
- It steals private data over an encrypted C2 connection. The stolen information includes external IP addresses, usernames, and other details.
- Users’ personal information may be deleted from Firefox, Chrome and Edge browsers as well as QQBrowser, 360 Secure Browser, and SogouBrowser.
Why is Telegram vulnerable?
In addition to FatalRAT, XCSSET and Toxic Eye viruses have recently exploited Telegram. The major reason hackers use Telegram is that it is a genuine and dependable app that is not banned by network management tools or antivirus software. A phone number is all that is required for registration, allowing threat actors to remain anonymous.
Obfuscation, antivirus and sandbox evasion, and encrypted communications are just a few of the harmful features that make this new FatalRAT a major danger. Experts therefore believe that this trojan and its many samples will continue to spread in the future, so it is important to practice good cybersecurity.