FatalRAT Trojan Spreads via Telegram Channels

FatalRAT is a remote access trojan (RAT) that allows attackers to gain remote control over targeted devices. According to researchers from AT&T Alien Labs, this malware is being distributed through Telegram channels, particularly those focused on software news. Users may encounter download links for the malware in these channels.

The experts report that FatalRAT can be launched remotely on a victim's device and is capable of bypassing security measures. Once inside the system, FatalRAT records keystrokes, collects information about the operating system, and transmits all gathered data to its operators through an encrypted channel.

Over the past few months, AT&T Alien Labs has observed FatalRAT being used in real-world attacks, but the exact number of victims remains unknown. Nevertheless, Telegram channels help FatalRAT reach a wide audience of potential targets. Unlike Telegram groups, only channel administrators can post messages, making them solely responsible for distributing the malware.

How FatalRAT Infects Systems

Before fully infecting a system, FatalRAT performs several checks. It attempts to detect if it is running in a virtual machine, counts the number of physical processors, and determines the available disk space. Additionally, the trojan disables the ability to use the CTRL+ALT+DELETE command by changing the value of the DisableLockWorkstation registry key. After this, it launches a keylogger.

FatalRAT also tries to identify any antivirus programs running on the compromised system and extracts information from web browsers. Furthermore, the trojan can spread across the victim's network using brute-force techniques.
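The DisableLockWorkstation change described above leaves a registry write that endpoint telemetry can catch. The following is an added detection example, not code from the article or from AT&T Alien Labs: it assumes events shaped like Sysmon Event ID 13 (registry value set) records and assumes the value sits under the standard Windows policy path; the sample events are constructed.

```python
import re

# Value name from the article. The key path is the standard Windows policy
# location for it (assumption: written per-user under HKU\<SID> or under HKLM).
TARGET = re.compile(
    r"^(?:HKU\\(?P<sid>S-[\d-]+)|HKLM)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
    r"\\DisableLockWorkstation$",
    re.IGNORECASE,
)
DWORD = re.compile(r"^DWORD \(0x([0-9a-fA-F]{8})\)$")
POL = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample events in Sysmon Event ID 12/13 style (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001" + POL + r"\DisableLockWorkstation",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",      # re-enables locking
     "TargetObject": "HKLM" + POL + r"\DisableLockWorkstation",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",      # different policy value
     "TargetObject": "HKLM" + POL + r"\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "Image": r"C:\Temp\svc.exe",             # key create, not a value set
     "TargetObject": "HKLM" + POL + r"\DisableLockWorkstation",
     "Details": ""},
    {"EventID": 13, "Image": r"C:\Temp\svc.exe",             # lower-case path variant
     "TargetObject": ("HKLM" + POL).lower() + r"\disablelockworkstation",
     "Details": "DWORD (0x00000001)"},
]

def find_lock_disable(events):
    """Return one finding per registry write that switches the value on."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:            # only registry value-set events
            continue
        path = TARGET.match(ev.get("TargetObject", ""))
        data = DWORD.match(ev.get("Details", ""))
        if not path or not data:
            continue
        if int(data.group(1), 16) == 0:        # 0 restores the default behaviour
            continue
        findings.append({"scope": path.group("sid") or "machine",
                         "image": ev.get("Image", "?")})
    return findings

if __name__ == "__main__":
    for hit in find_lock_disable(SAMPLE_EVENTS):
        print(f"DisableLockWorkstation enabled ({hit['scope']}) by {hit['image']}")
```

A hit is a triage lead rather than proof of FatalRAT, since administrators can set the same policy; the writing process image is what to examine next.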

Conclusion

Telegram channels have become a significant vector for distributing malware like FatalRAT, enabling attackers to reach large numbers of users. It is important to be cautious when downloading files from unofficial sources and to keep security software up to date.
