"ToxicEye Malware Leverages Telegram for C2"
Researchers with Check Point Research discovered a new malware variant called ToxicEye. According to the researchers, ToxicEye possesses both data exfiltration and ransomware capabilities. It also leverages the popular Telegram messaging platform for command-and-control (C2) communications. The researchers point out that cybercriminals are increasingly using Telegram as C2 infrastructure for malware because the platform allows them to remain anonymous, easily exfiltrate data from victims' PCs, transfer new malicious files to infected machines, and more. Check Point expects additional tools for exploiting Telegram to continue emerging. Over the past three months, more than 130 attacks have been observed delivering ToxicEye. The attacks begin with spear-phishing emails containing a malicious .exe file that installs the remote access trojan (RAT) once opened. The ToxicEye RAT then proceeds to perform malicious activities such as stealing data, deleting files, killing processes, hijacking the PC's camera to record video, and encrypting files. ToxicEye's authors used a Telegram account and a Telegram bot account to build the Telegram-based C2 for the malware. This article continues to discuss the discovery and capabilities of ToxicEye malware, as well as the use of Telegram by this malware and other RATs for malware C2 infrastructure.
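Because a bot-based C2 like the one described above must talk to the public Telegram Bot API, outbound proxy logs are a practical place to hunt for it. The following is an added example, not code from Check Point or the article: it parses a constructed proxy log, flags Bot API requests from hosts that are not approved to run Telegram automation, redacts the bot token (a credential), and groups findings so a process that both polls for commands and uploads files stands out. The log format, the method-to-role mapping and the allowlist are assumptions.

```python
import re
from collections import defaultdict

# Telegram Bot API requests look like https://api.telegram.org/bot<TOKEN>/<method>
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[\w-]+)/(?P<method>\w+)")

# How a bot-based C2 would typically use each method (assumed mapping)
METHOD_ROLE = {"getUpdates": "command polling", "sendMessage": "beacon/status",
               "sendDocument": "file exfiltration", "sendPhoto": "screenshot exfiltration",
               "getFile": "payload download"}

# Hosts approved to run Telegram bot automation (assumed allowlist)
APPROVED_BOT_HOSTS = {"CHATOPS-01"}

# Constructed proxy log, one request per line: "<time> <host> <process> <verb> <url>"
SAMPLE_PROXY_LOG = """\
2021-04-22T10:01:05Z WS-017 outlook.exe GET https://outlook.office365.com/owa/
2021-04-22T10:01:09Z WS-017 invoice.exe GET https://api.telegram.org/bot123456789:AAExampleToken-xyz/getUpdates?offset=1
2021-04-22T10:02:41Z WS-017 invoice.exe POST https://api.telegram.org/bot123456789:AAExampleToken-xyz/sendDocument
2021-04-22T10:03:00Z CHATOPS-01 deploybot.exe POST https://api.telegram.org/bot987654321:AAApprovedToken/sendMessage
""".splitlines()

def redact_token(token):
    """Keep only the numeric bot id; the part after the colon is a secret."""
    bot_id, _, _ = token.partition(":")
    return f"{bot_id}:<redacted>"

def parse_line(line):
    time, host, process, verb, url = line.split(maxsplit=4)
    return {"time": time, "host": host, "process": process, "verb": verb, "url": url}

def find_bot_c2(lines):
    """Return one finding per Telegram Bot API request from a non-approved host."""
    findings = []
    for rec in map(parse_line, lines):
        m = BOT_API_RE.search(rec["url"])
        if not m or rec["host"] in APPROVED_BOT_HOSTS:
            continue
        findings.append({"time": rec["time"], "host": rec["host"], "process": rec["process"],
                         "bot": redact_token(m["token"]), "method": m["method"],
                         "role": METHOD_ROLE.get(m["method"], "unknown")})
    return findings

def summarize(findings):
    """Group by host, process and bot id so command polling plus upload stands out."""
    summary = defaultdict(set)
    for f in findings:
        summary[(f["host"], f["process"], f["bot"])].add(f["role"])
    return {key: sorted(roles) for key, roles in summary.items()}

if __name__ == "__main__":
    for key, roles in summarize(find_bot_c2(SAMPLE_PROXY_LOG)).items():
        print(key, roles)
```

In a real deployment the same logic runs over proxy or DNS telemetry; an unknown process on a workstation calling getUpdates in a loop is the pattern worth alerting on even before any upload occurs.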
Decipher reports "ToxicEye Malware Leverages Telegram for C2"