Abusing Telegram API for C2 communications
Recent findings from cybersecurity experts reveal that malware is exploiting the Telegram API for command and control (C2) communications, a strategy that can easily be confused with authentic Telegram API usage, complicating detection efforts.
The researchers pointed out that leveraging cloud applications as C2 channels, although not a common tactic, has proven to be highly effective for cybercriminals. This approach not only alleviates the need for building an extensive infrastructure but also poses significant challenges for defenders in distinguishing between legitimate user activity and malicious C2 communications.
The malware operates by utilizing Telegram as its C2 platform, employing an open-source Go package to facilitate interaction with the platform. The initial step involves creating a bot instance through Telegram’s BotFather feature, which allows users to create, manage, and configure their Telegram bots.
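The article's point is that Bot API traffic blends in with legitimate Telegram use, so detection has to start from context (which hosts and processes are talking to the API, and which methods they call) rather than from the destination alone. The following is an added example, not code from the article or from the malware it describes: a small hunting script that parses web-proxy records, flags requests to the publicly documented Bot API URL scheme (https://api.telegram.org/bot<token>/<method>), and summarises them per source host. The log format, hostnames, process names and tokens are constructed for illustration; the allowlist of known automation hosts is an assumption about how an analyst would suppress expected chatops traffic.

```python
"""Hunt for Telegram Bot API usage in web-proxy logs (added example).

Assumptions (not from the article): proxy records are one per line in the
constructed format "ts src_host process http_method url user_agent", and the
Bot API is reached at api.telegram.org with paths /bot<token>/<method>, which
is Telegram's publicly documented URL scheme for bots created via BotFather.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, NamedTuple

# Public Bot API URL scheme; the token is "<numeric bot id>:<secret>".
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Constructed sample records. "Go-http-client/1.1" is the default User-Agent
# of Go's net/http when a program does not set its own; it is used here only
# because the article says the malware is built on a Go package.
SAMPLE_PROXY_LOG = """\
2024-05-01T09:12:03Z ws-017 chrome.exe GET https://web.telegram.org/a/ Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:12:41Z ws-042 helper.exe GET https://api.telegram.org/bot123456789:AAE-constructed-token-value/getUpdates?timeout=30 Go-http-client/1.1
2024-05-01T09:13:11Z ws-042 helper.exe POST https://api.telegram.org/bot123456789:AAE-constructed-token-value/sendDocument Go-http-client/1.1
2024-05-01T09:15:00Z ops-notify python3 POST https://api.telegram.org/bot987654321:AAF-constructed-token-value/sendMessage python-requests/2.31
2024-05-01T09:16:27Z ws-017 chrome.exe GET https://api.telegram.org/ Mozilla/5.0 (Windows NT 10.0)
"""


class Request(NamedTuple):
    ts: str
    src_host: str
    process: str
    url: str
    user_agent: str


def parse_line(line: str) -> Request:
    """Split one constructed-format record; the User-Agent may contain spaces."""
    ts, host, proc, _http_method, url, ua = line.split(" ", 5)
    return Request(ts, host, proc, url, ua)


def _new_finding() -> dict:
    return {"count": 0, "processes": set(), "methods": set(), "bot_ids": set()}


def find_bot_api_calls(lines: Iterable[str],
                       known_bot_hosts: Iterable[str] = ()) -> Dict[str, dict]:
    """Return per-source-host summaries of Bot API calls.

    Hosts in known_bot_hosts (an assumed allowlist of sanctioned automation)
    are skipped. Only the numeric bot id is kept; the secret half of the
    token is never copied into the report.
    """
    allow = set(known_bot_hosts)
    findings: Dict[str, dict] = defaultdict(_new_finding)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        req = parse_line(line)
        match = BOT_API_RE.match(req.url)
        if match is None or req.src_host in allow:
            continue
        f = findings[req.src_host]
        f["count"] += 1
        f["processes"].add(req.process)
        f["methods"].add(match.group("method"))
        f["bot_ids"].add(match.group("token").split(":", 1)[0])
    return dict(findings)


def receives_tasking(finding: dict) -> bool:
    """getUpdates is how a bot pulls messages sent to it, so a host that
    polls it is receiving data from Telegram, not only posting to it."""
    return "getUpdates" in finding["methods"]


if __name__ == "__main__":
    report = find_bot_api_calls(SAMPLE_PROXY_LOG.splitlines(),
                                known_bot_hosts={"ops-notify"})
    for host, f in sorted(report.items()):
        print(f"{host}: {f['count']} Bot API calls, processes={sorted(f['processes'])}, "
              f"methods={sorted(f['methods'])}, bot_ids={sorted(f['bot_ids'])}, "
              f"polls_for_updates={receives_tasking(f)}")
```

With the sample records, only ws-042 is reported: the browser session to web.telegram.org and the bare request to api.telegram.org do not match the Bot API path, and ops-notify is suppressed by the allowlist. That suppression is the important caveat the article implies: the same URL scheme is used by legitimate notification bots, so the output is a hunting lead to compare against the known inventory of automation, not a verdict.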
Source: www.csoonline.com