2022/12/06 14:14:12

TgRAT (virus program)

2022: Russians face spyware virus spread via Telegram

In December 2022, it became known that users in Russia had encountered TgRAT, a spyware program spread through Telegram. According to Positive Technologies, the malware uses the Telegram infrastructure as its control channel and can take screenshots, download files to the attacked node, and upload data from the node to the control server.

According to information security experts, the malware was created for specific PCs from which information is to be stolen. It checks the name of the host on which it is running and exits if the name does not match the one specified in the program body.


To protect against the spyware, experts recommended using traffic analysis tools and paying attention to outgoing traffic from internal corporate servers to Telegram servers. In addition, analyzing traffic inside the network helps identify network tunnels and non-standard communication between servers, and nodes should be protected with antivirus software, the experts noted.

According to Denis Goidenko, head of the information security threat response department at Positive Technologies, the popularity of the messenger in many companies is pushing attackers to develop tools that exploit Telegram for covert control and theft of confidential information. The expert named the use of antivirus on all nodes, including servers, together with deep traffic analysis (NTA) systems and endpoint detection and response (EDR) tools, as one of the most effective approaches to identifying such leakage channels. In addition, traffic from internal servers of the corporate infrastructure to Telegram servers is in itself suspicious and should alert the security service, Goidenko explained.[1]
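One way to act on the recommendation above is to flag DNS lookups of Telegram domains that originate from server segments. The sketch below is an added example, not code from Positive Technologies or from the article; the log format, the server subnet and the domain list are assumptions a defender would replace with site-specific values.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example: the server subnet and the Telegram domain
# list are site-specific inputs maintained by the defender.
SERVER_NETS = [ipaddress.ip_network("10.10.0.0/24")]  # constructed server segment
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")           # illustrative, not exhaustive

# Constructed DNS query log, one record per line: "timestamp client_ip queried_name"
SAMPLE_LOG = """\
2022-12-06T14:01:07 10.10.0.15 api.telegram.org
2022-12-06T14:01:09 10.20.3.44 web.telegram.org
2022-12-06T14:02:30 10.10.0.15 API.Telegram.org.
2022-12-06T14:03:11 10.10.0.22 updates.example.com
2022-12-06T14:04:52 10.10.0.22 telegram.org.cdn.example.net
2022-12-06T14:05:00 10.10.0.31 nottelegram.org
malformed line
2022-12-06T14:06:18 10.10.0.40 t.me
"""

def is_telegram(name: str) -> bool:
    """Match a listed domain or any subdomain of it, never a mere substring."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def is_server(ip: str) -> bool:
    """True if the client address belongs to a monitored server segment."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in SERVER_NETS)

def find_server_telegram_lookups(log_text: str) -> dict:
    """Return {server_ip: [(timestamp, name), ...]} for Telegram lookups by servers."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        ts, src, name = parts
        if is_server(src) and is_telegram(name):
            hits[src].append((ts, name))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_server_telegram_lookups(SAMPLE_LOG).items():
        print(f"ALERT server {src}: {len(events)} Telegram lookup(s), first at {events[0][0]}")
```

DNS logs do not show connections made directly to an IP address, so this check complements flow data from the NTA system and does not replace it.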
