Over the past three months, users of the popular messaging app Telegram have seen over 130 attacks using a new multi-functional remote access trojan (RAT) dubbed ‘ToxicEye’, according to recently released research. Following controversial changes to the privacy policy of Facebook’s WhatsApp, cloud-based IM platform Telegram has enjoyed a surge in popularity, becoming the most downloaded app worldwide for January 2021 with more than 63 million installs. Unfortunately, this popularity also extends to the cyber-criminal community. Malware authors are increasingly using Telegram as a ready-made command and control (C&C) system for their malicious products, because it offers several advantages compared to conventional web-based malware administration.
The ToxicEye trojan is spread via phishing emails carrying a malicious .exe attachment. If the user opens the attachment, ToxicEye installs itself on the victim’s PC and operates without the victim’s knowledge. Its capabilities include stealing data, deleting or transferring files, hijacking the PC’s microphone and camera to record audio and video, and encrypting files for ransom.
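Because ToxicEye talks to its operator through Telegram rather than a custom server, the practical detection question is which processes on your network are calling the Telegram Bot API at all. The script below is an added example, not code from the research or from the ToxicEye authors: it parses constructed proxy log lines (the log format, the host and process names, the allowlist and the bot tokens are all invented for this example), picks out calls of the form `https://api.telegram.org/bot<token>/<method>`, drops the secret half of the token so the finding can be shared safely, and reports every non-allowlisted host/process pair together with the Bot API methods it used. A process polling `getUpdates` is fetching commands; `sendMessage`, `sendDocument` or `sendPhoto` is data leaving the machine.

```python
"""Flag Telegram Bot API traffic in proxy logs (added example, not from the page)."""
import re
from collections import defaultdict

# Bot API URLs have the shape https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>". Only the numeric id is kept.
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)

# Hypothetical proxy log format (constructed): timestamp host process verb url
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<verb>[A-Z]+) (?P<url>\S+)$")

# Hypothetical known-good automation: (host, process) pairs allowed to use bots.
ALLOWLIST = {("SRV-MON01", "alertbot.py")}

# Constructed sample lines; the tokens are invented and are not live credentials.
SAMPLE_LOG = """\
2021-04-20T10:01:02Z WS-0142 svchost.exe GET https://api.telegram.org/bot123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/getUpdates
2021-04-20T10:01:03Z WS-0142 chrome.exe GET https://www.example.com/index.html
2021-04-20T10:01:09Z WS-0142 svchost.exe POST https://api.telegram.org/bot123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/sendDocument
2021-04-20T10:02:00Z SRV-MON01 alertbot.py POST https://api.telegram.org/bot987654321:BBGabcdefghijklmnopqrstuvwxyz012345/sendMessage
2021-04-20T10:02:30Z WS-0077 outlook.exe GET https://outlook.office365.com/owa/
"""

# Bot API methods that mean "fetch operator commands" vs "send data out".
PULL_METHODS = {"getUpdates"}
PUSH_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_bot_api_calls(log_text):
    """Yield (host, proc, bot_id, method) for every Bot API call in the log.

    The secret part of the token is deliberately discarded so the output can be
    shared without leaking the credential; the bot id still lets analysts
    correlate calls coming from the same implant on different hosts.
    """
    for line in log_text.splitlines():
        entry = LOG_RE.match(line)
        if not entry:
            continue  # malformed or unexpected line: skip rather than crash
        api = BOT_API_RE.match(entry["url"])
        if not api:
            continue  # ordinary web traffic
        yield entry["host"], entry["proc"], api["bot_id"], api["method"]


def find_suspect_bots(log_text, allowlist=ALLOWLIST):
    """Group Bot API calls per (host, proc, bot_id), skipping allowlisted pairs.

    Returns {(host, proc, bot_id): sorted list of Bot API methods used}.
    """
    findings = defaultdict(set)
    for host, proc, bot_id, method in parse_bot_api_calls(log_text):
        if (host, proc) in allowlist:
            continue
        findings[(host, proc, bot_id)].add(method)
    return {key: sorted(methods) for key, methods in findings.items()}


def describe(methods):
    """Summarise what a set of Bot API methods implies about the process."""
    roles = []
    if PULL_METHODS & set(methods):
        roles.append("polls for operator commands")
    if PUSH_METHODS & set(methods):
        roles.append("sends data out")
    return "; ".join(roles) or "unrecognised Bot API use"


if __name__ == "__main__":
    for (host, proc, bot_id), methods in find_suspect_bots(SAMPLE_LOG).items():
        print(f"{host} {proc} -> Telegram bot {bot_id}: {describe(methods)} ({', '.join(methods)})")
```

On the sample input this reports only `WS-0142 svchost.exe`, which both polls `getUpdates` and uploads via `sendDocument`; the allowlisted monitoring bot on `SRV-MON01` is ignored. In a real deployment the allowlist should be short and reviewed, since any process on a user workstation calling `api.telegram.org/bot...` is unusual enough to deserve a look.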