Researchers find Telegram bot chatter is actually Windows malware commands
Quote: Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands.

Forcepoint researchers discovered what they described as a “fairly simple” year-old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.

The attacker then uses Telegram to communicate with the malware and send HTTPS-protected instructions.

The malware also revealed a vulnerability in Telegram’s Bot API. Because the messages were sent by the Telegram Bot API, and not between regular users, anyone knowing a few key pieces of information can snoop on the bot chatter and even recover full messaging histories of the target bot. Regular users’ messages are also protected with in-house MTProto encryption.

Source: https://www.scmagazine.com/home/security...-commands/

Report by Forcepoint: https://www.forcepoint.com/blog/security...egram-bots


Messages In This Thread
Researchers find Telegram bot chatter is actually Windows malware commands - by silversurfer - 18 January 19, 23:20
