Dangerous Spyware Virus Controlled via Telegram Discovered

A malicious program called TgRAT, which uses private Telegram chats as command and control channels, was discovered during an investigation conducted by the Positive Technologies Expert Security Center (PT ESC) incident response team.

Analysis of the source code revealed that the malware is specifically designed for targeted devices from which attackers intend to steal confidential information. TgRAT first checks the hostname of the device it is running on. If the name does not match the value embedded in the program, the malware terminates itself.

At the time of the investigation, TgRAT’s source code was not available in public sources, and initially, the malware may not be detected by antivirus software. To detect it, Positive Technologies experts recommend using traffic monitoring tools and paying attention to outgoing traffic from internal corporate servers to Telegram servers. Additionally, it is important to monitor data flows within the network (this approach can help identify network tunnels and unusual communication between servers) and to ensure all nodes in the infrastructure are protected by antivirus solutions.
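The detection advice above (watch for egress from internal servers to Telegram, and keep an eye on server-to-server data flows) can be turned into a simple rule over proxy or flow logs. The following is an added example written for this article, not code from Positive Technologies or from the report; the log line layout, the server subnet 10.20.0.0/16 and the sample records are constructed for the example, api.telegram.org is Telegram's real Bot API host, and the single IP range is one commonly published Telegram range that should be verified against current data before use.

```python
"""Flag outbound connections from internal servers to Telegram endpoints.

Added example, not part of the original article. Operates on constructed
key=value log lines of the form:
  <timestamp> src=<ip> dst=<ip> dport=<port> sni=<hostname|-> bytes_out=<n>
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: the internal server VLAN. Replace with your inventory/CMDB data.
SERVER_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Telegram API/web host names (api.telegram.org is the real Bot API endpoint).
TELEGRAM_DOMAINS = ("api.telegram.org", "telegram.org", "t.me")

# One commonly published Telegram range; treat as a placeholder and verify
# against Telegram's current ranges or your threat-intel feed.
TELEGRAM_NETWORKS = [ipaddress.ip_network("149.154.160.0/20")]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    timestamp: str
    src: str
    dst: str
    sni: str
    bytes_out: int
    reason: str


def parse_line(line: str) -> dict:
    """Split a constructed log line into its key=value fields plus the timestamp."""
    fields = dict(KV_RE.findall(line))
    fields["timestamp"] = line.split()[0]
    return fields


def is_internal_server(ip_str: str) -> bool:
    """True if the source address belongs to a server network."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in SERVER_NETWORKS)


def telegram_reason(dst_ip: str, sni: str):
    """Return a human-readable reason if the destination looks like Telegram, else None."""
    host = sni.lower().rstrip(".")
    if host != "-" and any(host == d or host.endswith("." + d) for d in TELEGRAM_DOMAINS):
        return f"SNI {host} is a Telegram host"
    if any(ipaddress.ip_address(dst_ip) in net for net in TELEGRAM_NETWORKS):
        return f"destination {dst_ip} is in a Telegram network range"
    return None


def find_server_to_telegram(lines) -> list:
    """Alert on every flow whose source is a server and whose destination is Telegram.

    Workstation traffic to Telegram is deliberately ignored: employees may use
    the messenger legitimately, but servers normally have no reason to.
    """
    alerts = []
    for line in lines:
        f = parse_line(line)
        if not is_internal_server(f["src"]):
            continue
        sni = f.get("sni", "-")
        reason = telegram_reason(f["dst"], sni)
        if reason:
            alerts.append(Alert(f["timestamp"], f["src"], f["dst"], sni,
                                int(f.get("bytes_out", 0)), reason))
    return alerts


def bytes_out_by_server(alerts) -> dict:
    """Sum outbound bytes per server so the largest potential exfil source ranks first."""
    totals = {}
    for a in alerts:
        totals[a.src] = totals.get(a.src, 0) + a.bytes_out
    return totals


# Constructed sample log: one workstation, two servers, mixed destinations.
SAMPLE_LOG = [
    "2024-05-02T10:14:03Z src=10.30.5.7 dst=149.154.167.220 dport=443 sni=api.telegram.org bytes_out=900",
    "2024-05-02T10:14:09Z src=10.20.1.15 dst=149.154.167.220 dport=443 sni=api.telegram.org bytes_out=5120",
    "2024-05-02T10:14:12Z src=10.20.1.15 dst=10.20.1.40 dport=445 sni=- bytes_out=40960",
    "2024-05-02T10:14:20Z src=10.20.2.8 dst=93.184.216.34 dport=443 sni=example.com bytes_out=2048",
    "2024-05-02T10:14:31Z src=10.20.2.8 dst=149.154.166.110 dport=443 sni=- bytes_out=20480",
]

if __name__ == "__main__":
    found = find_server_to_telegram(SAMPLE_LOG)
    for a in found:
        print(f"{a.timestamp} {a.src} -> {a.dst} ({a.bytes_out} B): {a.reason}")
    print("bytes out per server:", bytes_out_by_server(found))
```

Matching on SNI first and on address range second matters in practice: a client that omits SNI, or a future API host name, still trips the range check, while the host-name check survives Telegram shifting addresses within its ranges.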

“Many companies use Telegram as a corporate messenger, which encourages attackers to develop tools that exploit the Telegram API for covert backdoor control and exfiltration of confidential information. One of the most effective approaches to identifying such data leakage channels is to use antivirus software on all nodes, including servers, and to implement network traffic analysis (NTA) systems, as well as endpoint detection and response (EDR) solutions. Furthermore, traffic from internal corporate servers to Telegram servers is already a suspicious process that should alert the security team,” said Denis Goydenko, Head of Threat Response at Positive Technologies.

Phishing Remains a Major Threat

Phishing continues to be one of the main ways attackers infiltrate infrastructure. Users are advised to exercise caution, avoid opening suspicious emails, refrain from clicking unknown links, and not download software from unverified websites or torrent platforms. It is best to use licensed versions from trusted sources. Organizations should educate employees about different types of phishing and new fraud schemes.
