Friday, October 4, 2024
HomeMalwareNew Android RAT Spotted in Wild Abusing Telegram Protocol for Command and...

New Android RAT Spotted in Wild Abusing Telegram Protocol for Command and Control

Published on

A new family of Android RAT spotted in wild abusing the Telegram protocol for command & control and data exfiltration.

Attackers distributing the New Android RAT through third-party app stores, social media and messaging apps. The attack primarily focussed on Iran and the attackers distributed the app promising free bitcoins, free internet connections, and additional followers on social media.

The malware runs on all Android versions and it has not been into the play store, security researchers from ESET identified the new malware family and they appear to be spreading from August 2017 and its source code was made available free in Telegram hacking channels last March 2018.

- Advertisement - EHA

Once the app installed it uses social engineering methods to attain device administrator details and once the installation completed it shows a fake small popup “claiming the app can’t run on the device and will, therefore, be uninstalled.”

New Android RAT

But with the fake uninstallation only removes the icon not the app and new victim device registered in attackers server.

The malware contains a range of capabilities including “spying and file exfiltration capabilities, including intercepting text messages and contacts, sending text messages and making calls, audio and screen recording, obtaining device location, and controlling the device’s settings.”

Android RAT dubbed HeroRat’s is divided into categories and sold bronze(25 USD), silver(50 USD) and gold panels (100 USD) respectively and the source code at 600 USD.

It has been developed using Xamarin framework and the malware contains clickable interface in Telegram bot interface, where attackers can control the victim devices by just tapping the button.

New Android RAT

The communication between the C&C and the data exfiltrated are transferred through telegram protocol to avoid traffic detection.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

In a new campaign that is aimed at users who speak Russian, the modular...

LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...