Hackers are exploiting the Telegram messaging app by embedding its bot functionality inside a dangerous remote access Trojan called ToxicEye.
ToxicEye can help them take control of computers remotely, according to researchers at Check Point Software Technologies. How powerful is this malware?
The ToxicEye remote access Trojan (RAT) can get inside a PC, leak its data, let a hacker control the system remotely and also install ransomware, say the researchers, who claim to have tracked over 130 ToxicEye cyber-attacks in the last 3 months.
According to the researchers, ToxicEye has been used to steal sensitive information such as passwords, browsing history, cookies and other system information; delete and transfer data; record audio or video; kill PC processes; steal clipboard contents; deploy a keylogger; and more.
As per the researchers, the hackers first create a Telegram account to operate from, together with a dedicated Telegram bot.
The bot lets them interact with other Telegram users via chat, add people to groups or send direct requests by entering the bot’s Telegram username followed by a query.
Next, they bundle the bot token with the ToxicEye RAT or any other malware and send it as an email attachment. An example of the sort of infected attachment is a file named “paypal checker by saint.exe”, the researchers have divulged.
When a user opens that attachment, their system is connected to the hacker’s Telegram account, which then serves as a channel for nefarious activities.
Once the attachment has been opened, it doesn’t matter whether the user has Telegram installed on their computer or not.
Because the Trojan was implanted through the email attachment, even deleting the Telegram app from the system won’t break the connection between the device and the hacker’s Telegram account.
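The two facts above suggest what a defender can look for: the infected file carries a Telegram bot token, and the infected host talks to Telegram’s bot API from a process that is not the Telegram client. The following script is an added example, not code from the article or from Check Point; it scans a file for bot-token-shaped strings and flags bot-API connections from unexpected processes. The token format (numeric bot id, a colon, a 35-character secret) and the `api.telegram.org` host come from Telegram’s public bot documentation, not from the article; the sample binary bytes, the log format and the process names are constructed for the demonstration.

```python
import re

# Shape of a Telegram bot API token: numeric bot id, ':', then a 35-character
# secret of letters, digits, '_' and '-'. Public bot-API format, assumed here;
# the article itself does not describe the token layout. The token is usually
# embedded in a URL of the form .../bot<token>/<method>, so a preceding "bot"
# is allowed, but the match must not start or end inside a longer token.
BOT_TOKEN_RE = re.compile(
    rb"(?:(?<=bot)|(?<![A-Za-z0-9_-]))\d{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])"
)

# Assumptions for this example: the bot API host, and the process names of a
# legitimate desktop client that is expected to contact it.
TELEGRAM_API_HOST = "api.telegram.org"
EXPECTED_CLIENTS = {"telegram.exe", "telegram"}


def find_bot_tokens(blob: bytes) -> list:
    """Return any bot-token-shaped strings embedded in a file's raw bytes."""
    return [m.decode() for m in BOT_TOKEN_RE.findall(blob)]


def parse_kv(line: str) -> dict:
    """Parse a 'key=value key=value ...' log line (constructed format)."""
    record = {}
    for field in line.split():
        if "=" in field:
            key, value = field.split("=", 1)
            record[key] = value
    return record


def flag_telegram_c2(log_lines: list) -> list:
    """Flag bot-API connections made by anything other than the Telegram client.

    A host that reaches api.telegram.org from, say, an attachment that was just
    opened matches the behaviour described for ToxicEye; the Telegram client
    itself is allow-listed so ordinary chat traffic is not reported.
    """
    hits = []
    for line in log_lines:
        rec = parse_kv(line)
        if rec.get("dst", "").lower() != TELEGRAM_API_HOST:
            continue
        if rec.get("proc", "").lower() in EXPECTED_CLIENTS:
            continue
        hits.append({"ts": rec.get("ts"), "host": rec.get("host"), "proc": rec.get("proc")})
    return hits


# Constructed sample data: a fake executable header followed by an embedded
# bot-API URL, and four constructed connection-log lines.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"https://api.telegram.org/bot" + b"1234567890:" + b"A" * 35 + b"/getUpdates\x00"
)

SAMPLE_LOGS = [
    "ts=2021-04-20T10:01:02Z host=ws01 proc=Telegram.exe dst=api.telegram.org dport=443",
    "ts=2021-04-20T10:01:09Z host=ws01 proc=paypal_checker.exe dst=api.telegram.org dport=443",
    "ts=2021-04-20T10:02:15Z host=ws02 proc=chrome.exe dst=www.example.com dport=443",
    "ts=2021-04-20T10:03:44Z host=ws02 proc=svchost.exe dst=api.telegram.org dport=443",
]

if __name__ == "__main__":
    print("embedded bot tokens:", find_bot_tokens(SAMPLE_BINARY))
    for hit in flag_telegram_c2(SAMPLE_LOGS):
        print("suspicious bot-API connection:", hit)
```

Run against the constructed data, the scanner recovers the one embedded token and the log check reports the two non-client processes (`paypal_checker.exe` and `svchost.exe`) while leaving the Telegram client and the unrelated browser connection alone. Against real data, the token scan would run over quarantined attachments and the connection check over proxy or EDR network logs; a process that is not the Telegram client reaching the bot API is worth an alert regardless of whether Telegram is installed on the host, which is exactly the point the article makes.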