TeleRAT is an upgrade from IRRAT in that it eliminates the possibility of network-based detection that is based on traffic to known upload servers, as all communication (including uploads) is done via the Telegram bot API.
This is a perfect example of just that: looking closer at a previously established malware family to better understand its current and possibly changed capabilities.
“Come online at 6 in the morning so we can test the bot” (translated from Persian).
Looking further into the ‘vahidmail67’ Telegram channel, we found advertisements for applications and builders that ran the entire gamut – from applications that get you likes and followers on Instagram, to ransomware, and even the source code for an unnamed RAT (complete with a video tutorial, shown below).
Aside from the Telegram channel, while looking for references to certain TeleRAT components we stumbled upon some threads on an Iranian programmers’ forum advertising the sale of a Telegram bot control library.
Telegram Bots are special accounts that do not require an additional phone number to set up and are generally used to enrich Telegram chats with content from external services or to get customized notifications and news.
And while Android malware abusing Telegram’s Bot API to target Iranian users is not fresh news (the emergence of a Trojan using this method called IRRAT was discussed in June and July 2017), we set out to investigate how these Telegram Bots were being abused to command and control malicious Android applications.
Also, we’ve witnessed several samples distributed and shared via both legitimate and nefarious Iranian Telegram channels.