Open Source Remote Access Trojan Targets Telegram Users

Remote access Trojans are mainly used to steal consumer data, either for consumers themselves or the conglomerate keeping this information safe from prying eyes. However, it appears criminals are looking at a different approach for these tools right now. A new open source remote access Trojan can now be used to extract data from the Telegram communication platform.

Telegram Users Are Susceptible to New RAT Attack

It is never a good sign when end-to-end encrypted communication tools are vulnerable to remote access Trojans. Unfortunately for all Telegram users, they have now become an official target for cybercriminals who make use of the RATAttack toolkit. This new open-source hacking tool has been unveiled by security researchers late last night, as it could have major consequences for all Telegram users.

It has to be said, this new tool is quite a significant improvement compared to how most traditional remote access Trojans work these days. To be more specific, a RAT requires attacks to enable port forward to seize control over infected hosts. Moreover, these Trojans do not use encryption, which remains a critical weakness. RAT developers need to address this problem as soon as possible, and RATAttack seems to be an example of how this problem can be solved with relative ease.

Note from the Author: The source code has been removed from GitHub but rest assured there are copies of it floating around on the Internet.

This particular tool uses the Telegram protocol to create an encrypted channel of communication between victims and the assailants. Moreover, it does not require port forwarding, since Telegram’s protocol takes care of all of those “issues” as well. In a way, one could argue Telegram is the perfect communication protocol for hackers to leverage when distributing remote access Trojans.

Distributing this open source remote access Trojan is a bit of a challenge, though. The assailants first need to create their own proprietary telegram bot, which is relatively easy. The token generated by this bot needs to be edited into the RAT’s config file. Once someone interfaces with the bot, they will receive the RATAttack payload. Moreover, the person responsible for creating the bot will be able to interface with victims through the channel that is automatically created whenever a host is infected.  

Among the damage this RAT can cause are options to run keyloggers on a remote PC, retrieve IP information, download local files in the background and upload files to the computer. Criminals can also execute any file on the infected machine, which can lead to more malicious software being downloaded. In a way, RATAttack is a very versatile surveillance tool for criminals looking to cause harm to unsuspecting consumers.

It is evident open source “tools” like these can cause a lot of damage in the coming months.Telegram is one of the most favored end-to-end encrypted communication tools today. However, there are plenty of alternative solutions to look into as well. Rest assured criminals will always find a new way to come up with solutions that will affect consumers in one way or another. Remote access Trojans are the flavor of the month, so to speak, but that doesn’t make them less dangerous.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.