
Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns
2021-04-22 13:17

A victim's computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account.

Telegram's growing userbase has led to a corresponding surge in attackers pelting the platform with a slew of common malware, researchers report.

According to Check Point, dozens of "off-the-shelf" malware samples have also been spotted targeting Telegram users.

The Telegram RAT attacks begin with threat actors creating a Telegram account and a dedicated Telegram bot, or remote account that allows them to interact with other users in various ways, including chatting, adding people to groups or sending requests directly from the input field by typing the bot's Telegram username and a query.

Once a victim opens the malicious attachment, it connects to Telegram and leaves the machine vulnerable to a remote attack via the Telegram bot, which uses the messaging service to connect the victim's device back to the attacker's command-and-control server, according to the report.

Organizations also should monitor the traffic generated from PCs to Telegram accounts when the Telegram app is not installed on the systems in question, researchers said.
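
One way to apply the monitoring advice above, as an added example that is not from the article or the Check Point report: it joins proxy log records with a software inventory and reports hosts that reach Telegram domains without a Telegram client installed. The log format, host names, process names and inventory are constructed for illustration, and the domain list is an assumption to extend for your environment.

```python
from collections import defaultdict

# Assumed Telegram client / Bot API domains; extend for your environment.
TELEGRAM_DOMAINS = ("telegram.org", "t.me")

# Constructed sample: "<timestamp> <source host> <process> <destination host>".
SAMPLE_LOG = """\
2021-04-22T09:01:12Z WS-014 chrome.exe www.example.com
2021-04-22T09:01:40Z WS-014 invoice_viewer.exe api.telegram.org
2021-04-22T09:02:05Z WS-022 Telegram.exe api.telegram.org
2021-04-22T09:03:31Z WS-031 svchost.exe API.Telegram.org.
2021-04-22T09:04:02Z WS-031 chrome.exe nottelegram.org
2021-04-22T09:04:50Z WS-040 updater.exe t.me
malformed line
"""

# Constructed inventory (host -> installed apps); WS-040 is absent on purpose.
SAMPLE_INVENTORY = {
    "WS-014": {"Google Chrome", "Microsoft Office"},
    "WS-022": {"Telegram Desktop", "Google Chrome"},
    "WS-031": {"Google Chrome"},
}


def is_telegram_host(name):
    """True if name is a Telegram domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in TELEGRAM_DOMAINS)


def has_telegram_installed(host, inventory):
    # Hosts missing from the inventory count as "not installed" (fail closed).
    return any("telegram" in app.lower() for app in inventory.get(host, ()))


def find_unexpected_telegram_traffic(log_text, inventory):
    """Return {host: sorted [(process, destination), ...]} for hosts to triage."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than guessing at fields
        _ts, host, process, dest = fields
        if is_telegram_host(dest) and not has_telegram_installed(host, inventory):
            hits[host].add((process, dest.lower().rstrip(".")))
    return {host: sorted(pairs) for host, pairs in hits.items()}

if __name__ == "__main__":
    print(find_unexpected_telegram_traffic(SAMPLE_LOG, SAMPLE_INVENTORY))
```

The suffix match is anchored on a label boundary, so look-alike names such as `nottelegram.org` are not flagged, and hosts without an inventory record are reported rather than silently skipped.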


News URL

https://threatpost.com/telegram-toxiceye-malware/165543/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Telegram 6 2 23 8 2 35