Cybercriminals control ToxicEye malware using Telegram

Check Point researchers found that the operators of the ToxicEye malware control it through Telegram: the messenger's infrastructure serves as the malware's command-and-control (C2) server.

Telegram does not need to be installed or in use on the victim's machine: the attackers still send commands to the malware and carry out operations through the Telegram service.

Over the past three months the researchers have tracked more than 130 attacks of this kind.

ToxicEye operators distribute the malware as malicious email attachments. Once they have access to the victim's system and its data, they can also install additional malware on the device.

Typically, the attack proceeds as shown in the researchers' diagram.

[Figure: Scheme of the attack]

The researchers note that Telegram is an attractive choice for attackers: it is a legitimate, easy-to-use service whose traffic is usually not blocked by corporate anti-virus solutions, and it lets the criminals stay anonymous, since registration requires only a mobile phone number.
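One practical check that follows from this, as an added example rather than code from the article or from Check Point: a Telegram-driven implant normally reaches the service through the Telegram Bot API at api.telegram.org, whose URLs embed the bot token (bot<id>:<secret>/<method>), whereas interactive Telegram clients use Telegram's own protocol and do not talk to that host. That is an assumption about the mechanism, which the article does not spell out. The Python script below parses a constructed proxy log, flags any host that polls getUpdates or uploads with sendDocument, and skips hosts on a hypothetical allowlist of machines that legitimately run bots.

```python
import re

# Telegram Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>.
# The token (bot id, colon, secret) is embedded in every request, so a proxy log
# that records full URLs exposes both the fact of Bot API use and the token itself.
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Bot API methods an implant would use as a C2 channel (assumption: typical usage).
C2_METHODS = {
    "getUpdates": "polls the bot for operator commands",
    "sendMessage": "reports status or command output to the operator",
    "sendDocument": "uploads a file from the victim (exfiltration)",
}

# Constructed proxy log format: <timestamp> <source host> <verb> <url> <status> "<user agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<verb>[A-Z]+)\s+(?P<url>\S+)\s+'
    r'(?P<status>\d{3})\s+"(?P<ua>[^"]*)"$'
)

# Constructed sample log: fake hostnames and deliberately invalid bot tokens.
SAMPLE_PROXY_LOG = """\
2021-04-20T09:12:03Z ws-finance-07 GET https://www.example.com/ 200 "Mozilla/5.0"
2021-04-20T09:12:41Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAAAexampleNotARealToken0000/getUpdates?offset=0 200 "Mozilla/4.0"
2021-04-20T09:13:05Z ws-finance-07 POST https://api.telegram.org/bot123456789:AAAAexampleNotARealToken0000/sendDocument 200 "Mozilla/4.0"
2021-04-20T09:13:30Z build-bot-01 POST https://api.telegram.org/bot987654321:BBBBexampleCiAlertToken-0000/sendMessage 200 "python-requests/2.25"
2021-04-20T09:14:00Z ws-hr-02 GET https://web.telegram.org/ 200 "Mozilla/5.0"
"""


def redact_token(bot_id, secret):
    """Keep enough of the token to correlate events without logging the whole secret."""
    return f"{bot_id}:{secret[:4]}...{secret[-2:]}"


def find_bot_api_calls(log_lines, allowed_bot_hosts=frozenset()):
    """Return one finding per Bot API request from a host not allowed to run bots.

    allowed_bot_hosts is a hypothetical allowlist of machines (CI servers, alerting
    boxes) that legitimately talk to the Bot API; everything else is suspect because
    the Telegram client itself does not use this endpoint.
    """
    findings = []
    for line in log_lines:
        entry = LOG_RE.match(line.strip())
        if not entry:
            continue  # not a line in the expected format
        api = BOT_API_RE.match(entry["url"])
        if not api:
            continue  # not a Bot API request
        if entry["src"] in allowed_bot_hosts:
            continue  # sanctioned bot traffic
        method = api["method"]
        findings.append({
            "ts": entry["ts"],
            "src": entry["src"],
            "bot": redact_token(api["bot_id"], api["secret"]),
            "method": method,
            "why": C2_METHODS.get(method, "other Bot API call"),
            "ua": entry["ua"],
        })
    return findings


def hosts_polling_for_commands(findings):
    """Hosts that call getUpdates: the signature of an implant waiting for orders."""
    return sorted({f["src"] for f in findings if f["method"] == "getUpdates"})


if __name__ == "__main__":
    hits = find_bot_api_calls(SAMPLE_PROXY_LOG.splitlines(),
                              allowed_bot_hosts={"build-bot-01"})
    for h in hits:
        print(f'{h["ts"]} {h["src"]} bot={h["bot"]} {h["method"]}: {h["why"]} (UA {h["ua"]})')
    print("hosts polling for commands:", hosts_polling_for_commands(hits))
```

On the sample log this flags only ws-finance-07 (one getUpdates poll and one sendDocument upload) and ignores both the allowlisted CI host and the web.telegram.org visit, which is ordinary user activity. The same bot id recurring across findings ties the two requests to one operator, and the redacted token can be matched against the full value in the proxy's own records if the bot needs to be reported to Telegram.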

“We urge Telegram organizations and users to keep abreast of the latest phishing attacks and be highly suspicious of emails with a username or organization name embedded in the subject. Given that Telegram can be used to distribute malicious files or as a control channel for malware, we expect attackers to continue to develop tools that use this platform in the future,” said Idan Sharabi, research and development manager at Check Point Software Technologies.

As a reminder, I have previously reported that the HackBoss malware also spreads via Telegram and steals cryptocurrency.
