Geeks for your information

Researchers find Telegram bot chatter is actually Windows malware commands - silversurfer - 18 January 19

Quote: Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands.

Forcepoint researchers discovered what they described as a “fairly simple” year-old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.

The attacker then uses Telegram to communicate with the malware and send HTTPS-protected instructions.

The malware also revealed a vulnerability in Telegram’s Bot API. Because the messages were sent by the Telegram Bot API, and not between regular users, anyone knowing a few key pieces of information can snoop on the bot chatter and even recover full messaging histories of the target bot. Regular users’ messages are also protected with in-house MTProto encryption.

Source: https://www.scmagazine.com/home/security-news/researchers-find-telegram-bot-chatter-is-actually-windows-malware-commands/

Report by Forcepoint: https://www.forcepoint.com/blog/security-labs/tapping-telegram-bots