New Golang malware is hijacking Telegram to help itself spread

Netskope uncovers new Go-built backdoor spreading malware
It uses Telegram as its C2 infrastructure to send commands
The backdoor is most likely of Russian origin, experts warn

A new backdoor threat has been spotted using Telegram as its command-and-control (C2) infrastructure, researchers have warned.

Cybersecurity researchers from Netskope observed a new backdoor built in Golang, also known as Go, a programming language best known for its simplicity, concurrency support, and efficiency in building scalable backend systems, cloud services, and networking applications.

The backdoor is capable of executing PowerShell commands, can self-destruct, and checks for and executes predefined commands. However, what makes it really stand out from the crowd is its C2 infrastructure – it uses a special function to create a bot instance, using a Telegram API token generated via Botfather. Then, it uses a separate function to continuously listen for incoming commands from a Telegram chat. Before executing any predefined actions, the malware verifies the received command’s validity.

Challenging defense

Using Telegram, or other cloud services, as a C2 server is nothing new, the researchers explained, but it is dangerous, since it is difficult for security pros to differentiate between malicious and benign information flow.

“Although the use of cloud apps as C2 channels is not something we see every day, it’s a very effective method used by attackers not only because there’s no need to implement a whole infrastructure for it, making attackers’ lives easier, but also because it’s very difficult, from a defender perspective, to differentiate what is a normal user using an API and what is a C2 communication,” Netskope said in the article.

Besides Telegram, threat actors often use OneDrive, GitHub, Dropbox, and similar cloud apps, making defenders’ lives difficult.

Netskope did not discuss the number of potential victims, but did stress that the malware is most likely of Russian origin.

https://cdn.mos.cms.futurecdn.net/MBAK2qBssgYAU5aBU93iRZ-1200-80.jpg

Source link

Audio-Technica ATH-ADX7000 review: truly exceptional open-backs for the more affluent audiophile

Watch out Microsoft 365 — European giants launch Euro-Office, a ‘true sovereign office suite’

How CIOs can create a strong foundation for an AI-enabled workplace

Artemis II will use laser beams in giant leap for space video — new optical tech will stream ‘4K high-definition video from the Moon’

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

7 Most Perfect TV Dramas of the Last 10 Years, Ranked

Brian Cox Joins Cast of Dexter: Resurrection Season 2

Don Lemon Considers Presidential Run

Woman Tied to Lindsey Buckingham Restraining Order Speaks After Attack

Braemar Hotels & Resorts extends advisory agreement with Ashford Inc. for ten years

Leaders push for a ‘Manhattan Project’ and public-private solutions around AI and labor

First French ship transits Strait of Hormuz in setback for Trump

Google CEO Sundar Pichai says we’re just a decade away from a new normal of extraterrestrial data centers

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

New Golang malware is hijacking Telegram to help itself spread

Braemar Hotels & Resorts extends advisory agreement with Ashford Inc. for ten years

Audio-Technica ATH-ADX7000 review: truly exceptional open-backs for the more affluent audiophile

7 Most Perfect TV Dramas of the Last 10 Years, Ranked

Leaders push for a ‘Manhattan Project’ and public-private solutions around AI and labor