Abuse.ch: Agent Tesla can now use Telegram to exfiltrate data instead of SMTP or FTP
Agent Tesla can now use Telegram to exfiltrate data instead of SMTP or FTP. This was discovered by abuse.ch cybersecurity experts, who suggest that corporate web proxy operators watch out for, or block, outgoing network traffic towards api.telegram.org. The malware is usually spread through malspam campaigns with different themes. The document contains an attachment that contacts a link and downloads the malicious payload. The goal of the cybercriminals is to use it to steal sensitive data from victims. Agent Tesla, in fact, through its keylogger function, is able to acquire everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it is able to remotely execute commands on the infected PC, such as downloading additional payloads or updating existing ones.
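The abuse.ch advice above is a proxy-side control. The following is an added example, not code from abuse.ch or from the original article, of how a defender could apply it: it scans proxy access logs for requests to api.telegram.org, reports which client made them, and, where the full URL is visible, extracts the Telegram Bot API method (Bot API URLs take the form https://api.telegram.org/bot<token>/<method>, which is public Telegram documentation). The log lines are constructed Squid native-format samples, the bot token is a placeholder, and the field layout is an assumption about Squid's default format; adapt the parser to whatever proxy you run. The host check deliberately rejects look-alike domains such as api.telegram.org.evil.example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed Squid-style access log lines (not real traffic). Field order assumed:
# timestamp elapsed client action/code bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1596000000.101    45 10.0.0.15 TCP_MISS/200 1834 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1596000000.202  1200 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT api.telegram.org:443 - HIER_DIRECT/149.154.167.220 -
1596000000.303   310 10.0.0.23 TCP_MISS/200 412 POST https://api.telegram.org/bot123456789:CONSTRUCTED_TOKEN/sendDocument - HIER_DIRECT/149.154.167.220 application/json
1596000000.404    80 10.0.0.23 TCP_MISS/200 600 GET https://api.telegram.org/bot123456789:CONSTRUCTED_TOKEN/getMe - HIER_DIRECT/149.154.167.220 application/json
1596000000.505    60 10.0.0.42 TCP_MISS/200 9000 GET https://telegram.org/ - HIER_DIRECT/149.154.167.99 text/html
1596000000.606    70 10.0.0.42 TCP_MISS/200 900 GET http://api.telegram.org.evil.example/ - HIER_DIRECT/203.0.113.5 text/html
"""

# The host abuse.ch recommends watching or blocking.
WATCHED_HOST = "api.telegram.org"

# Bot API path: /bot<token>/<method>. Only the method name is captured; the token
# itself is sensitive and should not be copied into alerts.
BOT_PATH = re.compile(r"^/bot[^/]+/(?P<method>[A-Za-z]+)")


def parse_line(line):
    """Split one Squid native-format line into client, HTTP method, host and path.
    Returns None for blank or malformed lines."""
    fields = line.split()
    if len(fields) < 7:
        return None
    http_method, url = fields[5], fields[6]
    if http_method == "CONNECT":
        # A CONNECT request carries only host:port; the proxy never sees the path.
        host = url.rsplit(":", 1)[0] if ":" in url else url
        path = ""
    else:
        parts = urlsplit(url)
        host, path = parts.hostname or "", parts.path
    return {"client": fields[2], "http_method": http_method,
            "host": host.lower(), "path": path}


def is_watched_host(host):
    """Exact match or a subdomain of the watched host; never a plain suffix match,
    so 'api.telegram.org.evil.example' does not count."""
    return host == WATCHED_HOST or host.endswith("." + WATCHED_HOST)


def find_telegram_api_requests(log_text):
    """Return one event per request to the watched host, with the Bot API method
    when the full URL was visible (None for CONNECT tunnels)."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_watched_host(rec["host"]):
            continue
        match = BOT_PATH.match(rec["path"])
        events.append({
            "client": rec["client"],
            "http_method": rec["http_method"],
            "host": rec["host"],
            "bot_method": match.group("method") if match else None,
        })
    return events


def summarize_by_client(events):
    """Count flagged requests per internal client, the first thing an analyst
    wants when deciding which host to look at."""
    return Counter(e["client"] for e in events)


if __name__ == "__main__":
    found = find_telegram_api_requests(SAMPLE_LOG)
    for e in found:
        print(f"{e['client']} {e['http_method']} {e['host']} bot_method={e['bot_method']}")
    print(dict(summarize_by_client(found)))
```

Without TLS interception the proxy only records the CONNECT tunnel, so the host name is the only signal available and the bot method stays unknown; that is still enough to apply the block-or-alert recommendation, and a legitimate internal use of Telegram bots can be handled by allow-listing the specific client rather than the domain.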
Telegram has already been used by cybercrime to spread malware, especially RAT on mobile
Telegram, however, has already been used by cybercriminals to control malware (especially Remote Access Trojans) that targets mobile devices, as happened with T-RAT, RATAttack, HeroRAT, TeleRAT, IRRAT, RAT-via-Telegram, and Telegram-RAT. This is because criminal hackers can access infected computers faster and more easily from anywhere, activating data theft features as soon as a victim is infected and, above all, before the presence of the RAT is discovered. Furthermore, the messenger makes the malware easy to install and use.