Telegram RAT Escapes Detection via Cloud Apps

  /     /     /  
Publicated : 22/11/2024   Category : security


Telegram RAT Escapes Detection via Cloud Apps


Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.



A new remote access Trojan is using cloud-based tools to evade traditional security scanners that cant inspect SSL or provide cloud application-level traffic inspection, according to researchers at Netskope Threat Research Labs.
TelegramRAT uses Dropbox as its payload host and Telegram Messenger for command and control. It arrives as a malicious Microsoft Office document, exploiting a memory corruption vulnerability (
CVE-2017-11882
) patched by Microsoft last month, and it uses Bit.ly redirection to hide the payload hosted on Dropbox.
Its payload uses open-source Python TelegramRAT code, which is hosted in GitHub. The unique aspect of this malware is its reliance on the Telegram BOT API to receive commands and send messages to the attacker using an HTTPS communication channel, so traditional network security tools cant see it.
Netskope is actively working with Dropbox security team to remediate known threats.
Read more details
here
.

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Telegram RAT Escapes Detection via Cloud Apps