Hackers Controlled ToxicEye Malware Via Telegram Messenger

According to the latest report, hackers are abusing the popular Telegram messaging platform by embedding its messaging functionality inside a remote access trojan (RAT) known as ToxicEye. A hacker-controlled Telegram account is then used to control a victim's device infected with the ToxicEye malware.

Check Point, a cybersecurity firm, reports that it has observed over 130 incidents involving the ToxicEye RAT in the last 3 months and warns that even users who do not have Telegram installed on their computers may be at risk.

“Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app,” a researcher from Check Point stated.

Hackers Controlled ToxicEye Malware

Hackers most likely chose Telegram as their delivery medium because of its mainstream adoption and reach, according to Idan Sharabi, research and development executive at Check Point. Telegram has more than 500 million users worldwide.

In an email, Idan Sharabi stated, “We believe attackers are leveraging the fact that Telegram is used and allowed in almost all organizations, utilizing this system to perform cyberattacks, which can bypass security restrictions.”

Telegram, which presents itself as a secure and private messaging app, has grown in popularity during the pandemic, especially in recent months, according to researchers. This is largely due to WhatsApp's recent privacy and data-handling changes, which caused widespread concern among users and drove them by the millions to alternative messaging services such as Telegram.

Telegram's use to facilitate malicious activity is not new. In September 2019, an information stealer known as Masad Stealer was found using Telegram as a command-and-control channel to exfiltrate data and cryptocurrency wallet details from infected systems.

Last year, Magecart groups used the same technique to send payment card data stolen from compromised online stores back to the attackers.

The campaign Check Point most recently documented is no exception. ToxicEye uses Telegram to communicate with its command-and-control (C2) server and to upload files to it. It is distributed through phishing emails carrying a malicious Windows executable file.

The malware also has a number of capabilities that let it steal information, copy and delete files, kill processes, install a keylogger, capture video and audio using the device's camera and microphone, and even encrypt documents for ransom.

Users can check whether they are affected by ToxicEye by looking for a file at C:\Users\ToxicEye\rat.exe on their computers. If your machine turns out to be compromised, contact your security team and have the malware removed.
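A defender-side triage script built around the indicators the article gives (the dropped path and the Telegram-based C2), added here as an example and not part of the article or of Check Point's research. It assumes the C2 traffic goes to api.telegram.org (the article names no network indicators) and that the legitimate desktop client runs as a process named Telegram; the three findings are the file itself, anything executing from that folder, and non-Telegram processes talking to the Telegram API.

```powershell
# Added example: hunt for ToxicEye indicators on a Windows host (run as Administrator).
# The file path comes from the article; api.telegram.org and the 'Telegram' process
# name are assumptions, not indicators the article provides.

$indicatorPath = 'C:\Users\ToxicEye\rat.exe'
$findings = @()

# 1. The dropped executable named in the article. Record its hash for the IR team.
if (Test-Path -LiteralPath $indicatorPath -PathType Leaf) {
    $hash = (Get-FileHash -LiteralPath $indicatorPath -Algorithm SHA256).Hash
    $findings += "File present: $indicatorPath (SHA256 $hash)"
}

# 2. Any process running from the dropped folder. Match the directory rather than
#    only rat.exe, in case the binary was renamed after being dropped.
$indicatorDir = Split-Path -Parent $indicatorPath
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -like "$indicatorDir\*" } |
    ForEach-Object { $findings += "Process $($_.ProcessId) running from $($_.ExecutablePath)" }

# 3. Established connections to the Telegram API owned by something other than the
#    Telegram client. The article's point is that the RAT talks to Telegram even on
#    machines where Telegram was never installed, so any such connection is suspect.
$telegramIPs = @()
try {
    $telegramIPs = (Resolve-DnsName 'api.telegram.org' -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' }).IPAddress
} catch { Write-Verbose "DNS lookup failed: $_" }

if ($telegramIPs) {
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $telegramIPs -contains $_.RemoteAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            if ($proc -and $proc.ProcessName -ne 'Telegram') {
                $findings += "Process $($proc.ProcessName) (PID $($_.OwningProcess)) connected to Telegram API $($_.RemoteAddress):$($_.RemotePort)"
            }
        }
}

# Non-zero exit lets the script be scheduled or wrapped by an EDR/SOAR job.
if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
else { Write-Output 'No ToxicEye indicators found.'; exit 0 }
```

The path check alone would miss a renamed or relocated copy, which is why the process and network checks are included; treat a hit on check 3 as a lead to investigate rather than proof of infection, since other legitimate software can also use the Telegram Bot API.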

Beyond that, follow the usual precautions recommended against malicious email, such as being wary of attachments from unknown senders, especially attachments whose filenames include usernames.