Cybercriminals discovered a new creative approach to spread malicious software while remaining anonymous

Aug 9, 2021 14:31 GMT

Malicious actors are using Telegram channels to spread malware to their targets. A new Remote Access Trojan (RAT) was spotted infecting devices via Telegram channels, according to Cyware.

AT&T Alien Labs researchers recently discovered a new Trojan called FatalRAT that can spread via software download vulnerabilities or articles on Telegram. The malware is able to gain persistence, evade detection, collect system information, and exfiltrate data. Interestingly, these messages can only be sent by channel administrators.

And that's not all the Trojan can do. Before it infects the target system, the malware runs a series of tests to determine the number of physical CPUs, VMs running on the system and disk space. Based on the results, the RAT can gain persistence by either starting a new service or making modifications to the existing registry.

It is also capable of wiping specific user information from web browsers such as Edge, Chrome, Firefox, 360Secure Browser, SogouBrowser, and QQBrowser. Furthermore, it sends sensitive information such as usernames, addresses, the external IP address of the computer, and other data through an encrypted C2 channel.
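A defender can hunt for the pairing of behaviours described above: one process that both sets up persistence (new service or registry change) and deletes files from browser profiles. The sketch below is an added example, not code from the article or from AT&T Alien Labs; the event records are constructed, and the Run-key location, the three browser profile folders and the field names (`host`, `id`, `image`, `target`) are assumptions.

```python
import re
from collections import defaultdict

# Assumption: profile folders for three of the browsers the article lists.
BROWSER_DIRS = re.compile(
    r"\\(Google\\Chrome\\User Data|Microsoft\\Edge\\User Data|Mozilla\\Firefox\\Profiles)\\",
    re.IGNORECASE)
# Assumption: the article names no registry location; Run keys stand in here.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
BROWSER_EXES = {"chrome.exe", "msedge.exe", "firefox.exe"}

SAMPLE_EVENTS = [  # constructed records, not taken from any real host
    {"host": "WS01", "id": 13, "image": r"C:\ProgramData\updsvc.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updsvc"},
    {"host": "WS01", "id": 23, "image": r"C:\ProgramData\updsvc.exe",
     "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"host": "WS02", "id": 23,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001"},
    {"host": "WS03", "id": 7045, "image": r"C:\Windows\System32\spoolsv.exe",
     "target": "Spooler"},
]


def classify(event):
    """Map one event to 'persistence', 'browser_wipe' or None."""
    eid, target = event["id"], event.get("target", "")
    if eid == 7045:                                  # System log: service installed
        return "persistence"
    if eid == 13 and RUN_KEY.search(target):         # Sysmon: registry value set
        return "persistence"
    if eid == 23 and BROWSER_DIRS.search(target):    # Sysmon: file delete
        exe = event["image"].rsplit("\\", 1)[-1].lower()
        if exe not in BROWSER_EXES:                  # browsers clean their own profiles
            return "browser_wipe"
    return None


def find_suspects(events):
    """Return sorted (host, image) pairs that show both behaviours."""
    seen = defaultdict(set)
    for ev in events:
        kind = classify(ev)
        if kind:
            seen[(ev["host"], ev["image"].lower())].add(kind)
    return sorted(k for k, kinds in seen.items()
                  if kinds == {"persistence", "browser_wipe"})


if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```

Either behaviour alone is common on healthy machines, which is why the check requires both from the same executable on the same host.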

Hackers take advantage of Telegram's anonymity and leverage it to propagate malware 

Cybercriminals use Telegram to propagate malware because it is a stable and legitimate app that is not restricted by firewalls, antivirus software, or network management tools. Another advantage is that hackers can remain anonymous because all they need to sign up is a valid phone number. FatalRAT is not the first Trojan to propagate over the Telegram messaging app. ToxicEye and XCSSET are two other Trojans known to use Telegram as their launch pad.

Because of the increase in the number of malicious programs, it is highly recommended that you use antivirus software and keep it updated. Another critical tip to follow when it comes to protecting your personal information is to avoid installing software or clicking on links from unknown sources.