Alert: Russian Hackers Deploy Stealthy Telegram-Powered Malware in New Golang Attack


New Telegram-Based Malware Backdoor Discovered

Security researchers at Netskope Threat Labs have identified a new backdoor written in Golang that uses Telegram for command-and-control (C2) communication. The malware, suspected to be of Russian origin, appears to be fully functional even though it is still under development.

Operating Mechanism:
The backdoor expects to run from the path “C:\Windows\Temp\svchost.exe”. If it is launched from any other location, it copies itself to that path, starts a new process from the copy, and then terminates the original instance.

Key Features:
– Uses the Telegram Bot API for command and control
– Implements three primary commands, plus a fourth that is not yet functional:
* /cmd: Executes PowerShell commands
* /persist: Relaunches the backdoor from the specified directory
* /selfdestruct: Deletes the backdoor and terminates
* /screenshot: Currently non-functional
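As an added detection example (not part of the Netskope research or this article), the following Python flags the behaviours described above: an svchost.exe image running outside System32, such a fake svchost spawning PowerShell (the /cmd command), and a process other than a Telegram client connecting to api.telegram.org. The telemetry, the field names and the client allowlist are constructed assumptions.

```python
import json
import ntpath

# Where the legitimate Windows Service Host binary lives; the backdoor
# described above instead runs itself from C:\Windows\Temp\svchost.exe.
LEGIT_SVCHOST = r"c:\windows\system32\svchost.exe"
TELEGRAM_API_HOST = "api.telegram.org"
# Assumed allowlist of images that legitimately talk to the Telegram API.
TELEGRAM_CLIENT_ALLOWLIST = {"telegram.exe"}

# Constructed sample telemetry in a Sysmon-like JSON-lines shape (not real data).
SAMPLE_EVENTS = r"""
{"type": "process_create", "image": "C:\\Windows\\System32\\svchost.exe", "parent_image": "C:\\Windows\\System32\\services.exe"}
{"type": "process_create", "image": "C:\\Windows\\Temp\\svchost.exe", "parent_image": "C:\\Users\\alice\\Downloads\\update.exe"}
{"type": "process_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Windows\\Temp\\svchost.exe"}
{"type": "network_connect", "image": "C:\\Windows\\Temp\\svchost.exe", "dest_host": "api.telegram.org", "dest_port": 443}
{"type": "network_connect", "image": "C:\\Program Files\\Telegram Desktop\\Telegram.exe", "dest_host": "api.telegram.org", "dest_port": 443}
"""

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (case-insensitive matching)."""
    return ntpath.basename(path.lower())

def is_masquerading_svchost(path: str) -> bool:
    """True when a binary is named svchost.exe but does not live in System32."""
    return basename(path) == "svchost.exe" and path.lower() != LEGIT_SVCHOST

def load_events(text: str) -> list:
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def analyze(events: list) -> list:
    """Return one finding per event that matches a detection rule."""
    findings = []
    for ev in events:
        image = ev.get("image", "")
        if ev["type"] == "process_create":
            if is_masquerading_svchost(image):
                findings.append({"rule": "svchost_outside_system32", "image": image})
            parent = ev.get("parent_image", "")
            if is_masquerading_svchost(parent) and basename(image) == "powershell.exe":
                findings.append({"rule": "fake_svchost_spawns_powershell", "image": image})
        elif ev["type"] == "network_connect":
            if ev.get("dest_host") == TELEGRAM_API_HOST and basename(image) not in TELEGRAM_CLIENT_ALLOWLIST:
                findings.append({"rule": "telegram_api_from_unexpected_process", "image": image})
    return findings

if __name__ == "__main__":
    for finding in analyze(load_events(SAMPLE_EVENTS)):
        print(finding["rule"], "<-", finding["image"])
```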

Russian Attribution:
The malware’s Russian origin is evidenced by its command responses being written in Russian, in particular the reply to the “/cmd” instruction.

The discovery highlights criminals’ growing use of legitimate cloud applications in attacks: such services are easy to reach and their traffic is hard to distinguish from normal use, which complicates defense. The malware’s use of Telegram as a C2 channel demonstrates how these tactics continue to evolve.
