Telegram RAT Escapes Detection via Cloud Apps

Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.

A new remote access Trojan is using cloud-based tools to evade traditional security scanners that cant inspect SSL or provide cloud application-level traffic inspection, according to researchers at Netskope Threat Research Labs.
TelegramRAT uses Dropbox as its payload host and Telegram Messenger for command and control. It arrives as a malicious Microsoft Office document, exploiting a memory corruption vulnerability (
CVE-2017-11882
) patched by Microsoft last month, and it uses Bit.ly redirection to hide the payload hosted on Dropbox.
Its payload uses open-source Python TelegramRAT code, which is hosted in GitHub. The unique aspect of this malware is its reliance on the Telegram BOT API to receive commands and send messages to the attacker using an HTTPS communication channel, so traditional network security tools cant see it.
Netskope is actively working with Dropbox security team to remediate known threats.
Read more details
here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Telegram RAT Escapes Detection via Cloud Apps