Security researchers have found that Telegram's popularity as a universal encrypted messaging platform has also made it popular with hackers.
In a new report, Omar Hoffman of Check Point, a cybersecurity company, explains that malware makers are increasingly using Telegram as a command and control system for their malicious activities, as the app gives them more advantages than conventional web-based malware.
Telegram is not the only encrypted tool these threat actors use. Recent research by software company Sophos shows that they are increasingly shifting to encrypted communication protocols and legitimate cloud services to evade detection.
In his analysis, Hoffman states that “Massad” used Telegram as a command and control server for the first time in 2017. The group is said to have been the first to realize the benefits of messaging services for its attacks. According to Hoffman, researchers have since discovered dozens of different types of malware that use Telegram to carry out their malicious activities.
Over the past three months, Check Point has seen more than 100 attacks using a malicious, multi-purpose remote trojan called “ToxicEye” to spread malicious emails. ToxicEye also operates over Telegram to communicate with the command server and to control and exfiltrate stolen information.
Hoffman's analysis shows that malware makers use this trojan to cover the Telegram bot, and when a user uses these bots, the attacker connects to the user's phone or computer. This bot apparently steals users’ data, records audio and video, and even locks files like ransomware.
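Because the trojan described above talks to its command server through a Telegram bot, one place defenders can look is endpoint network telemetry for connections to the Telegram Bot API host (`api.telegram.org`) from processes that have no business using it. The following is an added example, not code from Check Point's report; the CSV schema, host names, process names and the approved-process list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Public hostname of the Telegram Bot API; bots reach it over HTTPS.
BOT_API_HOST = "api.telegram.org"

# Assumption: processes your organisation has approved to call the Bot API
# (for example an internal alerting integration). Hypothetical name.
APPROVED_PROCESSES = {"ops_notifier.exe"}

# Constructed sample of endpoint network-connection events (hypothetical schema).
SAMPLE_EVENTS = """\
timestamp,host,process,dest_host,dest_port
2021-04-20T09:01:12Z,ws-014,ops_notifier.exe,api.telegram.org,443
2021-04-20T09:03:40Z,ws-022,invoice_viewer.exe,api.telegram.org,443
2021-04-20T09:03:55Z,ws-022,Invoice_Viewer.exe,API.Telegram.org.,443
2021-04-20T09:05:02Z,ws-031,chrome.exe,example.com,443
2021-04-20T09:07:19Z,srv-db01,powershell.exe,api.telegram.org,443
"""


def normalise_host(name):
    """Lower-case a DNS name and drop the trailing root dot so variants compare equal."""
    return name.strip().rstrip(".").lower()


def find_unexpected_bot_api_clients(csv_text, approved=APPROVED_PROCESSES):
    """Return {(host, process): count} for Bot API connections from unapproved processes."""
    hits = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if normalise_host(row["dest_host"]) != BOT_API_HOST:
            continue  # not Telegram Bot API traffic
        process = row["process"].strip().lower()
        if process in approved:
            continue  # known, sanctioned integration
        hits[(row["host"], process)] += 1
    return dict(hits)


if __name__ == "__main__":
    findings = find_unexpected_bot_api_clients(SAMPLE_EVENTS)
    for (host, proc), count in sorted(findings.items()):
        print(f"{host}: {proc} contacted {BOT_API_HOST} {count} time(s)")
```

A hit is a lead for triage rather than proof of compromise, since legitimate automation also uses the Bot API.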