18 January 19, 23:20
Quote:Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands.
Forcepoint researchers discovered what it described as a “fairly simple” year old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.
The attacker then uses Telegram to communicate with the malware and send HTTPS protected instructions.
The malware also revealed a vulnerability in Telegrams BOT API. Because the messages were sent by Telegram Bot API, and not between regular users, anyone knowing a few key pieces of information can snoop on the bot chatter and even recover full messaging histories of the target bot. Regular user’s messages are also protected with in-house MTProto encryption.
Source: https://www.scmagazine.com/home/security...-commands/
Report by Forcepoint: https://www.forcepoint.com/blog/security...egram-bots
![[-]](https://www.geeks.fyi/images/collapse.png)
