Hackers are exploiting the Telegram messaging app by embedding its code inside a dangerous remote access Trojan called ToxicEye, which can help them take control of your computer remotely, according to researchers at Check Point Software Technologies.
How powerful is this malware?
The ToxicEye remote access Trojan (RAT) can get inside your PC, leak its data, let a hacker control your system remotely, and install ransomware, according to the researchers, who also say they have tracked over 130 ToxicEye cyber attacks in the last 3 months.
According to the researchers, the ToxicEye malware has been used to steal sensitive information such as passwords, browsing history, cookies, and other system information; delete and transfer data; record audio or video; kill processes on the PC; steal clipboard contents; deploy a keylogger; and so on.
How do the ToxicEye attacks happen?
According to the researchers, the hackers first create a Telegram account to operate from, along with a dedicated Telegram bot. This lets them connect with other users on Telegram via chat, by adding people to groups, or by sending direct requests by entering the bot's Telegram username and a query.
Next, they bundle the bot token with the ToxicEye RAT or any other malware and send it as an email attachment. An example of the sort of infected attachment is a file named “PayPal checker by saint.exe”, the researchers have divulged.
Opening that email connects your system to the hacker's Telegram account, which opens a channel for nefarious activities. Once you have opened the email, it doesn't matter whether you have Telegram installed on your computer. Because the Trojan was implanted through an email attachment, even deleting the Telegram app from your system won't break the device's connection with the hacker's Telegram account.
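Because the bot token is bundled into the file that arrives as an attachment, a mail gateway or triage script can look for token-shaped strings before the file is ever opened. The following is an added example, not code from the article or from Check Point. It assumes the usual token shape of a numeric bot id, a colon and 35 URL-safe characters, and the Bot API hostname api.telegram.org; all sample bytes are constructed.

```python
import re

# Assumption: a bot token is "<numeric bot id>:<35 URL-safe characters>".
TOKEN_RE = re.compile(rb"(?<![0-9])([0-9]{8,10}):[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")
API_HOST = b"api.telegram.org"  # Telegram Bot API hostname

def _views(data: bytes):
    """Yield raw bytes, then UTF-16LE text at both byte alignments.

    Windows executables often store strings as UTF-16LE, where a plain
    byte search for an ASCII pattern finds nothing.
    """
    yield data
    for offset in (0, 1):
        chunk = data[offset:]
        chunk = chunk[: len(chunk) - (len(chunk) % 2)]
        text = chunk.decode("utf-16-le", errors="replace")
        yield text.encode("ascii", errors="replace")

def scan_bytes(data: bytes) -> dict:
    """Report embedded bot ids (never the secret part) and Bot API host use."""
    bot_ids, api_host = set(), False
    for view in _views(data):
        api_host = api_host or API_HOST in view
        bot_ids.update(m.group(1).decode() for m in TOKEN_RE.finditer(view))
    return {"bot_ids": bot_ids, "api_host": api_host,
            "quarantine": bool(bot_ids)}

# Constructed samples: FAKE_TOKEN is made up and is not a real bot token.
FAKE_TOKEN = "123456789:" + "A" * 35
URL = "https://api.telegram.org/bot" + FAKE_TOKEN + "/sendMessage"
SAMPLE_UTF16 = b"MZ\x90" + URL.encode("utf-16-le")   # odd-aligned wide string
SAMPLE_ASCII = b"\x00\x01" + URL.encode("ascii") + b"\x00"
SAMPLE_CLEAN = b"MZ\x90\x00build 1234567890, see https://example.com/help"

if __name__ == "__main__":
    for name, blob in [("utf16", SAMPLE_UTF16), ("ascii", SAMPLE_ASCII),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, scan_bytes(blob))
```

A hit only shows that a file carries something shaped like a bot token; packed or encrypted samples hide their strings, so a clean result does not clear an attachment.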