Tomcat
The Trojan is notable for using cloud services to bypass traditional security scanners
Security researchers from Netskope Threat Research Labs have discovered a new Remote Access Trojan (RAT) that uses Dropbox as a host and Telegram as a C&C server.
According to experts, the Trojan is notable for using cloud services to bypass traditional security scanners that cannot check SSL or provide traffic analysis at the cloud application level.
The malware, dubbed TelegramRAT, spreads under the guise of a malicious Microsoft Office document that exploits the CVE-2017-11882 vulnerability that Microsoft fixed last month. The Trojan uses Bit.ly redirects to hide the malicious payload hosted on the Dropbox cloud service.
The malicious payload is based on the open-source Python TelegramRAT code hosted on GitHub. A unique feature of this malware is the use of the Telegram Bot API to receive commands and send messages over HTTPS. Thus, the Trojan manages to remain unnoticed by traditional network security tools, experts explained.
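Because the traffic described above is ordinary HTTPS to well-known cloud hosts, one place it remains visible is endpoint telemetry that records which process opened each connection. The following triage sketch is an added example, not code from the report or from the TelegramRAT project; the log format, host names, allowlist and rule names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed telemetry rows (time, host, process image, destination), not real logs.
SAMPLE_LOG = r"""
2017-12-18T09:01:12Z,WS-014,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,bit.ly
2017-12-18T09:01:14Z,WS-014,C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE,dl.dropboxusercontent.com
2017-12-18T09:02:40Z,WS-014,C:\Users\alice\AppData\Roaming\updater.exe,api.telegram.org
2017-12-18T09:05:03Z,WS-022,C:\Program Files\Google\Chrome\Application\chrome.exe,www.dropbox.com
2017-12-18T09:06:31Z,WS-022,C:\Program Files\Google\Chrome\Application\chrome.exe,api.telegram.org
2017-12-18T09:07:55Z,WS-031,C:\Python27\python.exe,api.telegram.org.example.net
""".strip()

# Assumed local policy: only browsers are expected to reach the Bot API host.
TELEGRAM_API = "api.telegram.org"
ALLOWED_TELEGRAM_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe"}
# Redirector and file hosts named in the report, plus Dropbox's content domain.
STAGING_DOMAINS = ("bit.ly", "dropbox.com", "dropboxusercontent.com")
# Office binaries; EQNEDT32.EXE is the Equation Editor affected by CVE-2017-11882.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "eqnedt32.exe"}


def in_domain(host, domain):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage(log_text):
    """Return (time, host, process, destination, rule) for each suspicious row."""
    findings = []
    for time, host, image, dest in csv.reader(io.StringIO(log_text)):
        proc = PureWindowsPath(image).name.lower()
        if in_domain(dest, TELEGRAM_API) and proc not in ALLOWED_TELEGRAM_CLIENTS:
            findings.append((time, host, proc, dest, "telegram-bot-api"))
        elif proc in OFFICE_PROCESSES and any(in_domain(dest, d) for d in STAGING_DOMAINS):
            findings.append((time, host, proc, dest, "office-staging"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Both rules key on the originating process rather than on packet contents, so they do not depend on TLS inspection; the allowlist needs tuning for any environment that runs legitimate Telegram bots.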