Hackread reports that Linux servers have been subjected to attacks with an updated version of the TgRat trojan, which bypasses detection through the utilization of Telegram for command and control.
Intrusions commence with the checking of a targeted computer's name hash against an embedded string, with aligning values prompting TgRat to establish a connection with a Telegram bot from which it would receive instructions for further malicious activities, according to a Dr. Web report. Aside from facilitating file downloads and screenshot capturing, TgRat also allowed remote command execution through a single message that enabled increased stealth, said researchers, who noted that the trojan's usage of Telegram enabled the concealment of malicious communications. Organizations have been urged to track network traffic and be vigilant of atypical communications between local network devices with Telegram servers to prevent possible compromise with the TgRat trojan.
