Malware that specializes in eavesdropping and sabotage is discovered hiding on Telegram
A new cybersecurity threat has just been discovered by experts, using the popular messaging app Telegram as a "base" to carry out destructive acts. This Golang malware not only has the ability to eavesdrop, but can also spread itself and execute many other dangerous commands.
Researchers from Netskope have discovered a backdoor built in the Golang programming language. Notably, this backdoor uses Telegram as a command and control (C2) station. Instead of using complex servers, the attackers leverage Telegram to send commands and receive information from the backdoor.
Telegram is the "base" of Golang malware to carry out destructive acts.
Specifically, this backdoor creates a Telegram bot via BotFather, then uses this bot to continuously listen for commands sent from a Telegram chat. Before performing any action, the backdoor checks the validity of the command.
The use of Telegram as a C2 channel makes it extremely difficult to detect and block this backdoor. It is difficult for security experts to differentiate between malicious and normal information flows on Telegram.
'While using cloud applications as a C2 channel is not something we see every day, it is a very effective method used by attackers not only because it does not require deploying an entire infrastructure for it, making the attacker's life easier, but also because it is very difficult, from a defense perspective, to differentiate between what is a normal user using the API and what is C2 communication,' Netskope said.
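One defensive angle on the problem described above is to stop inspecting the traffic itself and instead ask which process on which endpoint is resolving Telegram's Bot API hostname, `api.telegram.org`. The following is an added example, not code from Netskope or from the original article; the pipe-delimited log format, the allowlisted `alertbot.exe`, the sample records and the jitter threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

BOT_API_HOST = "api.telegram.org"  # hostname of Telegram's Bot API
# Assumption: the only program on this network expected to call the Bot API.
ALLOWED_IMAGES = {r"c:\program files\alertbot\alertbot.exe"}

# Constructed sample: timestamp|host|process image|DNS name queried
SAMPLE_LOG = r"""
2025-01-10T09:00:00|WS-014|C:\Users\amy\AppData\Local\Temp\update.exe|api.telegram.org
2025-01-10T09:05:01|WS-014|C:\Users\amy\AppData\Local\Temp\update.exe|API.TELEGRAM.ORG.
2025-01-10T09:10:00|WS-014|C:\Users\amy\AppData\Local\Temp\update.exe|api.telegram.org
2025-01-10T09:15:02|WS-014|C:\Users\amy\AppData\Local\Temp\update.exe|api.telegram.org
2025-01-10T09:02:00|SRV-02|C:\Program Files\AlertBot\alertbot.exe|api.telegram.org
2025-01-10T09:03:00|WS-020|C:\Program Files\Mozilla Firefox\firefox.exe|example.org
2025-01-10T11:40:00|WS-031|C:\Tools\notify.exe|api.telegram.org
"""

def find_bot_api_callers(log_text, max_jitter_s=10):
    """Return unexpected (host, image) pairs that resolved the Bot API host."""
    seen = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, host, image, query = line.split("|")
        # Normalise case and the trailing root dot before comparing.
        if query.lower().rstrip(".") != BOT_API_HOST:
            continue
        if image.lower() in ALLOWED_IMAGES:
            continue
        seen[(host, image)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, image), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Evenly spaced lookups suggest an automated polling loop, not a person.
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= max_jitter_s
        findings.append({"host": host, "image": image,
                         "queries": len(times), "periodic": periodic})
    return findings

if __name__ == "__main__":
    for finding in find_bot_api_callers(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for triage rather than a verdict: legitimate notification scripts also use the Bot API, which is why the allowlist has to reflect what your own environment runs.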
In addition to Telegram, threat actors often use other cloud services such as OneDrive, GitHub, Dropbox, etc. to carry out attacks. Netskope did not disclose the number of potential victims, but emphasized that this malware is most likely of Russian origin.
The emergence of this Golang backdoor is a warning about the potential risks from familiar applications. Users need to be vigilant, update security software regularly, and not open suspicious links or files.