Telegram Bots Have Got A Major Problem, Security Researchers Warn
Quote: Telegram, the encrypted messaging service, is being used as a command and control infrastructure for malware, an investigation by researchers at Forcepoint Security Labs has found.

First, it’s important to note that not all of Telegram’s 180 million plus users are affected. The issue discovered centers around the Bot API used by a sub-set of Telegram users.

The Bot is used for automated communications or updates between teams such as groups of developers as well as automated conversations sharing news or updates.

The vulnerability requires a man in the middle (MiTM) attack – with the hacker effectively intercepting communications – to extract information, the researchers say. Forcepoint has informed Telegram of the vulnerability.

“Malware that uses Telegram as a command and control channel typically uses the Telegram Bot API for communications,” say the researchers. “In the course of an investigation into one piece of malware, we discovered a significant flaw in the way Telegram handles messages sent through its Bot API.”

The malware in question, dubbed ‘GoodSender’, operates in a simple way: once it is dropped it creates a new administrator user and enables remote desktop, at the same time ensuring it's not blocked by the firewall. The username for the new admin user is static, but the password is randomly generated.

All of this information - including the username, password, and IP address of the victim - is sent to the operator through the Telegram network, providing the operator with access to the victim’s computer through RDP, the researchers say.

And unlike its chat conversations, Telegram’s bots aren’t secured using its encryption protocol, MTProto. Instead, the bot platform relies on Transport Layer Security (TLS) protocol used in HTTPS web encryption – which isn’t robust enough on its own.


https://www.forbes.com/sites/kateoflaher...e1325a15db
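As an added example, not part of the quoted article or of Forcepoint's research: a detection sketch that correlates the host behaviours the article attributes to GoodSender (new local account, administrator membership, Remote Desktop enabled, traffic to the Bot API host) within a short window. The record schema, the `ev` helper, the 10-minute window and the sample telemetry are assumptions constructed for illustration; event IDs 4720 and 4732 and the `fDenyTSConnections` registry value are standard Windows artefacts.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment
REQUIRED = {"account_created", "added_to_admins", "rdp_enabled", "bot_api_request"}

def classify(rec):
    """Map one normalised record (hypothetical schema) to a behaviour label."""
    src, d = rec["source"], rec["detail"]
    if src == "security" and d.get("event_id") == 4720:   # local account created
        return "account_created"
    if src == "security" and d.get("event_id") == 4732 and d.get("group") == "Administrators":
        return "added_to_admins"
    if src == "registry" and d.get("value") == "fDenyTSConnections" and d.get("data") == 0:
        return "rdp_enabled"                               # Remote Desktop switched on
    if src == "proxy" and d.get("dest") == "api.telegram.org":
        return "bot_api_request"                           # Telegram Bot API host
    return None

def correlate(events, window=WINDOW):
    """Return hosts where every REQUIRED behaviour occurs within `window`."""
    per_host = {}
    for rec in events:
        label = classify(rec)
        if label:
            ts = datetime.fromisoformat(rec["time"])
            per_host.setdefault(rec["host"], []).append((ts, label))
    flagged = []
    for host, hits in sorted(per_host.items()):
        hits.sort()
        for i, (start, _) in enumerate(hits):
            if {lbl for ts, lbl in hits[i:] if ts - start <= window} == REQUIRED:
                flagged.append(host)
                break
    return flagged

def ev(host, time, source, **detail):
    return {"host": host, "time": time, "source": source, "detail": detail}

# Constructed sample telemetry, not taken from the article or from Forcepoint's report.
SAMPLE = [
    ev("WS-01", "2024-01-01T10:00:05", "security", event_id=4720, user="placeholder_admin"),
    ev("WS-01", "2024-01-01T10:00:06", "security", event_id=4732, group="Administrators"),
    ev("WS-01", "2024-01-01T10:00:09", "registry", value="fDenyTSConnections", data=0),
    ev("WS-01", "2024-01-01T10:00:15", "proxy", dest="api.telegram.org"),
    ev("WS-02", "2024-01-01T11:30:00", "proxy", dest="api.telegram.org"),  # bot traffic only
    ev("WS-03", "2024-01-01T09:00:00", "security", event_id=4720, user="helpdesk"),
    ev("WS-03", "2024-01-01T09:00:02", "security", event_id=4732, group="Administrators"),
    ev("WS-03", "2024-01-01T09:01:00", "registry", value="fDenyTSConnections", data=0),
    ev("WS-03", "2024-01-01T13:00:00", "proxy", dest="api.telegram.org"),  # hours later
]
```

Requiring all four behaviours keeps hosts that merely run a legitimate bot (WS-02) or had routine admin changes well before any Telegram traffic (WS-03) out of the results.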