Telegram is an open-source, cross-platform instant messaging application that covers everything one might need from a communication app. Beyond that, the application is known for its concern for users' privacy: unlike other messaging platforms, Telegram does not use or sell its users' data. Because of this, many paid digital products can be downloaded there for free. You can upload them to your channel at no cost, and anyone who joins your channel can download whatever you upload. This is why malware, Trojans, viruses and the like are so easily spread to many devices at once through Telegram. This time, the FatalRat Trojan is aggressively exploiting Telegram.
Today we'll look at FatalRat in more detail to give you a brief overview of this Trojan horse.
How is FatalRat Trojan Exploiting Telegram?
According to AT&T Alien Labs, the remote access trojan is being distributed through various Telegram channels as media, application and other files.
What Does This Trojan Horse Do?
Before infecting the system, FatalRat first runs several tests to detect whether the victim's machine is a virtual environment. It also attempts to access persistent storage and gather processor information such as the number of cores and the architecture. FatalRat is able to pass anti-VM and anti-sandbox tests.
Once these tests are passed, the RAT decrypts its configuration strings, each in a different way. These configuration strings contain the C2 address, the new malware file name, the service name and other settings.
FatalRat also disables locking the computer via CTRL+ALT+DELETE. Having disabled that, it starts a keylogger to record your keystrokes.
This Trojan can change the screen resolution, activate the keylogger, install and uninstall AnyDesk, and uninstall UltraViewer. It can also modify registry keys and download and execute files and shell commands.
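As an added defender-side check (not code from the article or from AT&T Alien Labs), the following PowerShell script audits the documented Windows policy values that remove options from the CTRL+ALT+DELETE screen. It assumes that "disabling lockdown" is done by setting these policy values; the article does not state which registry keys FatalRat touches, so that mechanism is an assumption.

```powershell
# Added example, not from the article: audit the Windows policy values that
# govern the Ctrl+Alt+Del screen. The assumption here is that a RAT which
# "disables lockdown" does so by setting these documented values to 1.
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
# Each of these values, when set to 1, removes an option from the
# Ctrl+Alt+Del screen or the lock/switch-user path.
$watchedValues = @('DisableLockWorkstation', 'DisableTaskMgr',
                   'DisableChangePassword', 'HideFastUserSwitching')

function Get-CtrlAltDelTampering {
    $findings = @()
    foreach ($path in $policyPaths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($name in $watchedValues) {
            $value = $props.$name
            # Missing value means the default (option enabled); non-zero means restricted.
            if ($null -ne $value -and $value -ne 0) {
                $findings += [pscustomobject]@{ Path = $path; Name = $name; Value = $value }
            }
        }
    }
    return $findings
}

$tampering = @(Get-CtrlAltDelTampering)
if ($tampering.Count -eq 0) {
    Write-Output 'No Ctrl+Alt+Del policy restrictions are set.'
} else {
    Write-Output 'Ctrl+Alt+Del options are restricted by policy; compare against your GPO baseline:'
    $tampering | Format-Table -AutoSize
}
```

On domain-joined machines these values may legitimately be set by Group Policy, so a hit is a lead to compare against the expected baseline, not proof of infection on its own.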
Before downloading any file from Telegram, make sure it comes from a trusted source, and always follow safe security practices to keep your machine secure.