Telegram RAT Escapes Detection via Cloud Apps
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
A new remote access Trojan is using cloud-based tools to evade traditional security scanners that can't inspect SSL or provide cloud application-level traffic inspection, according to researchers at Netskope Threat Research Labs.
TelegramRAT uses Dropbox as its payload host and Telegram Messenger for command and control. It arrives as a malicious Microsoft Office document, exploiting a memory corruption vulnerability (CVE-2017-11882 ) patched by Microsoft last month, and it uses Bit.ly redirection to hide the payload hosted on Dropbox.
Its payload uses open-source Python TelegramRAT code, which is hosted in GitHub. The unique aspect of this malware is its reliance on the Telegram BOT API to receive commands and send messages to the attacker using an HTTPS communication channel, so traditional network security tools can't see it.
Netskope is actively working with Dropbox security team to remediate known threats.
Read more details here.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
Sep 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
Sep 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
Oct 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024