Skip to main content

Here's why Telegram is becoming a tool for hackers

Telegram Android App
Telegram Android App (Image credit: Windows Central)

What you need to know

  • A new report claims hackers are turning to Telegram.
  • Causes cited include the service's ease of use and allowance of relative anonymity.
  • Telegram gives hackers access to infected computers directly from their phones.

New research by Check Point Software Technologies' malware analyst Omer Hofman indicates that Telegram is a growing hub for threat actor activity (via TechRadar). Thanks to Whatsapp alienating some users with its new policies and settings, Telegram's become more relevant than ever. But where there is popularity, there is danger.

The cybercriminals in question are using Telegram as a command and control (C&C) system for the dispersal of their digital weapons. One in particular that Check Point Research (CPR) has seen an uptick in lately is the remote access trojan "ToxicEye," which CPR has noticed crop up in over 130 attacks just within a three-month window.

ToxicEye is spread through a .exe file contained inside phishing emails. It's an old tactic, but it's working well enough to get ToxicEye inside people's computers. Once the trojan is in there, it can steal data, delete processes, hijack a machine's microphone and camera, and encrypt files to hold them for ransom.

This malware is monitored by attackers via Telegram, where it communicates with them via their C&C server. This server is also where it dumps its stolen data. Some specific reasons for Telegram's popularity amongst bad guys include:

  • Telegram is a legitimate, easy-to-use and stable service that isn't blocked by enterprise anti-virus engines, nor by network management tools
  • Attackers can remain anonymous as the registration process requires only a mobile number
  • The unique communications features of Telegram mean attackers can easily exfiltrate data from victims' PCs, or transfer new malicious files to infected machines

The full research report makes for interesting reading and is worth checking out if you want a more in-depth look at how innocuous apps can be co-opted for villainy.

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.

2 Comments
  • Another reason to have a firewall and anti virus installed lol. Not to mention locking down Windows to S-Mode for novice users. User can set where programs can be installed from via settings app (available on 10 home and pro).
  • A firewall is not going to help with this problem unless you’re blocking all outbound traffic and adding an exception for your browser of choice only. Malware protection however is a must though.