Over the past three months, users of the popular messaging app Telegram have seen over 130 attacks using a new multi-functional remote access trojan (RAT) dubbed ‘ToxicEye’, according to recently released research. Following controversial changes to privacy settings from Facebook’s WhatsApp, cloud-based IM platform Telegram has enjoyed a surge in popularity, becoming the most downloaded app worldwide for January 2021 with more than 63 million installs. Unfortunately, this popularity also extends to the cyber-criminal community. Malware authors are increasingly using Telegram as a ready-made command and control (C&C) system for their malicious products, because it offers several advantages compared to conventional web-based malware administration.
The ToxicEye trojan is spread via phishing emails containing a malicious .exe file. If the user opens the attachment, ToxicEye installs itself on the victim’s PC and performs a range of exploits without the victim’s knowledge. These malicious capabilities include the ability to steal data, delete or transfer files, hijack the PC’s microphone and camera to record audio and video, and encrypt files for ransom purposes.
Although Telegram is privacy focused, the specific design of the platform lends itself to manipulation by malicious actors, so caution is advised. Once this particular Trojan has infected a device, the illicit possibilities are endless and difficult to defend against.
Email still remains the favoured route of entry for cybercriminals, however, so people must be wary of unsolicited emails – particularly those with attachments. It is also advisable to use antivirus software and implement robust spam filters and sandbox environments wherever possible.
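As an added example (not taken from the research or from this article), here is one check a mail filter can apply to the delivery route described above: flag attachments that are Windows executables by their content rather than by file name or declared type, including one level inside ZIP archives. The function names, the 50 MB size cap and the sample message are assumptions made for the illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def executable_attachments(raw: bytes) -> list:
    """Return names of attachments that are Windows executables, judged by content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_pe(data):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # ZIP archive: inspect members, size-capped
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.file_size <= 50_000_000 and is_pe(zf.read(info)):
                            hits.append(f"{name}!{info.filename}")
            except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
                hits.append(f"{name} (unreadable archive)")
    return hits

def sample_message() -> bytes:
    """Constructed test email; fake_pe holds only the header bytes is_pe() inspects."""
    fake_pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan.exe", fake_pe)
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    msg.add_attachment(b"%PDF-1.4 harmless", maintype="application", subtype="pdf", filename="real.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(executable_attachments(sample_message()))
```

The attachment named invoice.pdf is flagged even though its extension and MIME type claim a PDF, which is the case an extension-only filter misses.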