Telegram under 'toxic' attack — new malware can steal private data and hijack your PC


After WhatsApp changed its privacy terms earlier this year, millions of users started to migrate over to other messaging apps, with a popular choice being Telegram. In fact, according to Sensor Tower, Telegram was the most downloaded app in January 2021 with more than 63 million downloads.

Now, security researchers are seeing a steady increase in cyber-criminal activity on Telegram, with new malware "ToxicEye" being able to hijack a user's PC through the popular messaging app. 

Researchers at Check Point Research (CPR) discovered that hackers are using the messaging app as a ready-made command and control (C&C) system for a new remote access trojan named "ToxicEye."

Unfortunately, Telegram has already seen 130 attacks, and given the recent spike in active users, many more are now vulnerable.

The nasty malware can perform a number of malicious tasks, such as stealing private data, transferring files, killing PC processes, and encrypting files for ransom purposes — something we recently saw happen to Cyberpunk 2077 developers CD Projekt Red.

That's not all, as it even gives hackers the ability to hijack a PC’s microphone and webcam to record audio and video. Creepy.

As explained by CPR, ToxicEye is managed by attackers over Telegram, communicating with a hacker's C&C server and sending data to it. Telegram has become a hotbed for malicious activity because of how easy it is to transfer data from a victim's PC through the messaging platform.

Unfortunately, it's just as easy to be affected by the ToxicEye malware. 

How to avoid the Telegram malware

ToxicEye is spread via phishing emails containing the malicious .exe file. Once a user opens an attachment in the email, the malware gets to work by installing itself on the unsuspecting victim's PC. What's worse, a user won't even know their PC is infected until the damage is done.

The best way to avoid being attacked is to refrain from clicking on attachments in dodgy emails, or emails you're not familiar with.

However, CPR also suggests searching for a file named "C:\Users\ToxicEye\rat.exe" on your PC. If you find it, you have been infected, so make sure to erase the file immediately.
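
The file check described above, written as a PowerShell triage script. This is an added example, not code from CPR or from the article. It records the file's hash and timestamps, and any process running from that path, before anything is erased. The `-Remediate` switch and the `Get-IndicatorReport` function name are assumptions made for this example; only the path comes from the article.

```powershell
# Added example: triage for the ToxicEye indicator path named in the article.
# Read-only by default; nothing is stopped or deleted unless -Remediate is passed.
param(
    [string]$IndicatorPath = 'C:\Users\ToxicEye\rat.exe',  # path quoted from the article
    [switch]$Remediate                                      # hypothetical switch for this example
)

function Get-IndicatorReport {
    param([string]$Path)

    $report = [ordered]@{
        Path      = $Path
        Present   = Test-Path -LiteralPath $Path -PathType Leaf
        SHA256    = $null
        Created   = $null
        Modified  = $null
        Processes = @()
    }

    if ($report.Present) {
        # -Force so a file marked hidden or system is still found.
        $item = Get-Item -LiteralPath $Path -Force
        $report.SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $report.Created  = $item.CreationTimeUtc
        $report.Modified = $item.LastWriteTimeUtc
    }

    # A running copy keeps acting after the file is found, so look for it too.
    # -eq on strings is case-insensitive, which matches Windows path semantics.
    $report.Processes = @(Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath -eq $Path } |
        Select-Object ProcessId, Name, CreationDate)

    [pscustomobject]$report
}

$result = Get-IndicatorReport -Path $IndicatorPath
$result | Format-List

if ($Remediate -and $result.Present) {
    # Stop any running instance first, then remove the file.
    foreach ($p in $result.Processes) {
        Stop-Process -Id $p.ProcessId -Force
    }
    Remove-Item -LiteralPath $IndicatorPath -Force
    Write-Output "Removed $IndicatorPath (SHA256 recorded above: $($result.SHA256))"
}
```

Run it once without `-Remediate` and keep the output: the hash and timestamps are what an IT or security team will ask for once the file is gone.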

Every app is vulnerable to malicious activity, much like how a previous Android malware tricked WhatsApp users into a scam. However, if you are looking to jump ship, check out the best messaging apps to try out.


Darragh Murphy
