Open Source Remote Access Trojan Targets Telegram Users

Remote access Trojans are mainly used to steal consumer data, either from consumers themselves or from the conglomerate keeping this information safe from prying eyes. However, it appears criminals are now taking a different approach with these tools. A new open source remote access Trojan can now be used to extract data from the Telegram communication platform.

Telegram Users Are Susceptible to New RAT Attack

It is never a good sign when end-to-end encrypted communication tools are vulnerable to remote access Trojans. Unfortunately for all Telegram users, they have now become an official target for cybercriminals who make use of the RATAttack toolkit. This new open-source hacking tool was unveiled by security researchers late last night, and it could have major consequences for all Telegram users.

It has to be said, this new tool is quite a significant improvement compared to how most traditional remote access Trojans work these days. To be more specific, a RAT requires attackers to enable port forwarding to seize control over infected hosts. Moreover, these Trojans do not use encryption, which remains a critical weakness. RAT developers need to address this problem as soon as possible, and RATAttack seems to be an example of how this problem can be solved with relative ease.

Note from the Author: The source code has been removed from GitHub but rest assured there are copies of it floating around on the Internet.

This particular tool uses the Telegram protocol to create an encrypted channel of communication between victims and the assailants. Moreover, it does not require port forwarding, since Telegram’s protocol takes care of all of those “issues” as well. In a way, one could argue Telegram is the perfect communication protocol for hackers to leverage when distributing remote access Trojans.

Distributing this open source remote access Trojan is a bit of a challenge, though. The assailants first need to create their own proprietary Telegram bot, which is relatively easy. The token generated by this bot needs to be edited into the RAT’s config file. Once someone interfaces with the bot, they will receive the RATAttack payload. Moreover, the person responsible for creating the bot will be able to interface with victims through the channel that is automatically created whenever a host is infected.
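One way a defender can look for this kind of channel in egress logs, as an added example that is not from the original article or from RATAttack: it flags endpoint processes that repeatedly contact the Telegram Bot API host `api.telegram.org`. The log format, the host and process names, the `APPROVED` allowlist and the `min_hits` threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

BOT_API_HOST = "api.telegram.org"  # host that serves the Telegram Bot API
TOKEN_RE = re.compile(r"/bot\d+:[A-Za-z0-9_-]+")  # bot token in the URL path
APPROVED = {("SRV-OPS01", "alertbot.exe")}  # hypothetical sanctioned integration

# Constructed sample lines: "<ISO time> <host> <process> <destination[/path]>".
# Paths are only visible where TLS is inspected; otherwise only host:port is.
SAMPLE_LOG = """
2024-01-10T09:00:00 WS-014 pythonw.exe api.telegram.org/bot111111:CONSTRUCTED-TOKEN_aaaa/getUpdates
2024-01-10T09:00:30 WS-014 pythonw.exe api.telegram.org/bot111111:CONSTRUCTED-TOKEN_aaaa/getUpdates
2024-01-10T09:01:00 WS-014 pythonw.exe api.telegram.org/bot111111:CONSTRUCTED-TOKEN_aaaa/getUpdates
2024-01-10T09:01:05 WS-014 pythonw.exe api.telegram.org/bot111111:CONSTRUCTED-TOKEN_aaaa/sendDocument
2024-01-10T09:02:00 SRV-OPS01 alertbot.exe api.telegram.org/bot222222:CONSTRUCTED-TOKEN_bbbb/sendMessage
2024-01-10T09:03:00 WS-022 chrome.exe telegram.org/
2024-01-10T09:04:00 WS-030 curl.exe api.telegram.org:443
"""

def parse(line):
    """Split one log line into (time, host, process, destination host, path)."""
    ts, host, proc, dest = line.split(maxsplit=3)
    name, _, path = dest.partition("/")
    return (datetime.fromisoformat(ts), host, proc,
            name.split(":")[0].lower(), "/" + path)

def find_bot_api_clients(log, min_hits=3):
    """Return unapproved (host, process) pairs that keep calling the Bot API."""
    hits = defaultdict(list)
    for line in filter(None, map(str.strip, log.splitlines())):
        ts, host, proc, dest, path = parse(line)
        if dest == BOT_API_HOST and (host, proc) not in APPROVED:
            # Redact the token: it is a credential and should not spread via reports.
            hits[(host, proc)].append((ts, TOKEN_RE.sub("/bot<redacted>", path)))
    findings = []
    for (host, proc), events in sorted(hits.items()):
        if len(events) < min_hits:
            continue
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        findings.append({
            "host": host, "process": proc, "hits": len(events),
            "median_gap_s": median(gaps) if gaps else None,  # polling cadence
            "paths": sorted({p for _, p in events}),
        })
    return findings

if __name__ == "__main__":
    for finding in find_bot_api_clients(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for triage rather than proof of infection, since legitimate bot integrations use the same endpoint; that is what the allowlist is for.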

Among the damage this RAT can cause are options to run keyloggers on a remote PC, retrieve IP information, download local files in the background and upload files to the computer. Criminals can also execute any file on the infected machine, which can lead to more malicious software being downloaded. In a way, RATAttack is a very versatile surveillance tool for criminals looking to cause harm to unsuspecting consumers.

It is evident open source “tools” like these can cause a lot of damage in the coming months. Telegram is one of the most favored end-to-end encrypted communication tools today. However, there are plenty of alternative solutions to look into as well. Rest assured criminals will always find a new way to come up with solutions that will affect consumers in one way or another. Remote access Trojans are the flavor of the month, so to speak, but that doesn’t make them less dangerous.


  • wazab berry

    Any idea on how to avoid falling victim to this?

    • Rafael Ribeiro

      If this is really true

    • Damn good question… … I just erased that shit.. this el Russians lol

      • John Doe

        Then apparently you are as retarded as the author of this article, who can’t differentiate software from the communication protocol it is using.

  • Pernat1y


    No, it is not.
    It is like saying “HTTP is vulnerable” or “TCP is vulnerable” because some malware is using them for communication. The same thing happened with IRC some time ago, when it was used by like… most bots. And no one said that it was vulnerable. Because if someone is using your *open* protocol for communication, it mostly means that it is not bad at all.

    Unfortunately for all Telegram users, they have now become an official target for cybercriminals who make use of the RATAttack toolkit

    Are you sure? If the RAT is just using the protocol, you don’t even need to be a Telegram user nor have a client for it.

  • Telegram is not vulnerable to ANYTHING related to this. Remote access tools (RATs) exist. Traditionally, an entirely separate control panel program would be used to control the infected files that are on other PCs. In this case, Telegram is becoming the CONTROL PANEL, not the victim. There is nothing broken with Telegram in this case. It is simply using the bot API platform to receive commands to send to other infected PCs.

    The victim would need to be sent a file by someone else, and then OPEN IT. Simply using a bot on Telegram would not install a RAT on a user’s computer.

    You are either incredibly uninformed, or you are simply trying to scare people into not using Telegram.

  • Jean-Pierre Buntinx

    Updated the subheader title to make it more clear the users are at risk not Telegram itself.