New Telegram-Controlled Trojan for Windows Discovered

Due to its convenience and availability, the Telegram application is increasingly being used to disseminate information through its channels, to which users can subscribe to stay updated on particular topics.

However, security analysts have discovered that cybercriminals are taking advantage of the convenience offered by this highly popular platform to control systems infected with a new breed of remote access trojan (RAT).

This RAT, called T-RAT 2.0, is being advertised in Russian-language underground forums for around USD 45. Among its selling points is that a “customer” can control an infected computer via a Telegram channel instead of, say, a web-based administration panel. According to a translation of one of its advertisements, the advantages of T-RAT 2.0 are “comfort and convenience, simple control, huge functionality at a nice cost, anonymity and reliability, updates and improvements and cleaning from detectors”.

Like much other malware, T-RAT 2.0 reaches a target computer by hiding inside a game package or other files the user downloads from unsecured sources. According to an analysis by G DATA, the first known stage of a T-RAT 2.0 infection is a downloader, which also checks whether the current user has administrator rights.

After the infection, the attacker can control the target computer through Telegram, using text commands and command buttons in the T-RAT 2.0 channel; 98 different commands and functions are available. Some of them include:

  • Surveillance: takes screenshots of the desktop, records audio with the computer’s microphone, takes photographs with the webcam, and shows system information.

  • Data stealing: steals session data from Viber, Skype and Discord, steals cookies, and installs keyloggers to extract passwords and credentials.

  • Blocking of security measures: blocks websites such as security forums by redirecting them to localhost through the hosts file, bypasses User Account Control (UAC), and disables Windows Defender.
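The hosts-file trick described above leaves a visible trace on disk, so it is one of the easier parts of this behaviour for a defender to check for. The following script is an added example, not code from the article or from G DATA: it parses hosts-file content, ignores comments and the legitimate loopback names, and flags any other hostname that has been sunk to a loopback or unspecified address. The embedded sample hosts file and the blocked domain names in it are constructed placeholders.

```python
"""Flag hosts-file entries that redirect non-local hostnames to localhost."""
import ipaddress
from typing import List, Tuple

# Names that legitimately map to a loopback address and must not be flagged.
LEGITIMATE_LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}

# Default location of the hosts file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample: a stock-looking Windows hosts file with three entries
# appended that sink (placeholder) security-related domains to loopback.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example            # internal host, not loopback
127.0.0.1       example-security-forum.test
0.0.0.0         av-vendor.example.test      # 0.0.0.0 is a common sinkhole too
::1             blog.defender.example.test
"""


def _is_sinkhole(ip_text: str) -> bool:
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) addresses."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address field; not our concern here
    return addr.is_loopback or addr.is_unspecified


def find_sinkholed_hosts(hosts_text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs for suspicious redirect entries."""
    flagged: List[Tuple[str, str]] = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostnames is not a redirect
        ip_text, names = parts[0], parts[1:]
        if not _is_sinkhole(ip_text):
            continue
        for name in names:
            if name.lower() not in LEGITIMATE_LOCAL_NAMES:
                flagged.append((ip_text, name))
    return flagged


def scan_hosts_file(path: str = WINDOWS_HOSTS_PATH) -> List[Tuple[str, str]]:
    """Read a hosts file from disk and scan it."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_sinkholed_hosts(fh.read())


if __name__ == "__main__":
    for ip_text, name in find_sinkholed_hosts(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip_text}")
```

Run against the real file with `scan_hosts_file()` (it needs read access to the system32 path). Each flagged line is worth treating as a finding; an unexpected loopback mapping for a vendor or forum domain is rarely created by a legitimate administrator.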

With such controls available through the easy-to-install Telegram mobile app, the cybersecurity landscape faces another challenge. The ability to control RATs from mobile devices instead of desktops clearly shows that cybercriminals continue to develop new, more advanced and more convenient ways to deploy and carry out cyber attacks.

Worst of all, these tools and techniques can be easily purchased by any would-be attacker “at a nice cost”.
