After Whatsapp changed its privacy terms earlier this year, millions of users started to migrate over to other messaging apps, with a popular choice being Telegram. In fact, according to Sensor Tower, Telegram was the most downloaded app in January 2021 with more than 63 million downloads.
Now, security researchers are seeing a steady increase in cyber-criminal activity on Telegram, with new malware "ToxicEye" being able to hijack a user's PC through the popular messaging app.
- Best mobile phone deals in 2021
- Best messaging apps in 2021
- Nasty MacBook with M1 malware could steal your cryptocurrency
Discovered by researchers at Check Point Research (CPR), hackers are using the messaging app as a ready-made command and control (C&C) system for a new remote access trojan named "ToxicEye."
Unfortunately, Telegram has already seen 130 attacks and given the recent spike in active users, many more are now vulnerable.
The nasty malware can perform a number of malicious tasks, such as stealing private data, transferring files, killing PC processes, and encrypt files for ransom purposes — something we recently saw happen to Cyberpunk 2077 developers CD Projekt Red.
That's not all, as it even gives hackers the ability to hijack a PC’s microphone and webcam to record audio and video. Creepy.
As explained by CPR, ToxicEye is managed by attackers over Telegram, communicating with a hacker's C&C server and sending data to it. Telegram has become a hotbed for malicious activity because of how easy it is to transfer data from a victim's PC through the messaging platform.
Unfortunately, it's just as easy to be affected by the ToxicEye malware.
How to avoid the Telegram malware
ToxicEye is spread via phishing emails containing the malicious .exe file. Once a user opens up an attachment on the email, the malware gets to work by installing itself on the unsuspecting victim's PC. What's worse, a user won't even know their PC is infected until the damage is done.
The best way to avoid being attacked is to refrain from clicking on attachments on dodgy emails, or emails you're not familiar with.
However, CPR also suggests searching for a file named "C:\Users\ToxicEye\rat.exe" on your PC. If you find it, you have been infected, so make sure to erase the file immediately.
Every app is vulnerable to malicious activity, much like how a previous Android malware tricked WhatsApp users into a scam. However, if you are looking to jump ship, check out the best messaging apps to try out.