FBI says Iranian hackers are using Telegram to steal data in malware attacks | TechCrunch

"The hackers contact their targets and pretend to be a known contact or tech support, tricking them into accepting a link to a malicious file masquerading as legitimate apps, such as Telegram and WhatsApp."
"Once the target installs the malware, the second stage of the attack connects the infected victim with Telegram bots that allow the hackers to remotely command and control the victim's computer."
"Using Telegram as a way to remotely control a victim's device is a common technique by hackers to hide malicious activity among legitimate network traffic, making it harder for cybersecurity defenders to identify."
"The FBI mentioned the pro-Iranian and pro-Palestine fake hacktivist group Handala, although it's not clear if the attacks referenced in the alert were carried out by this group."
Iranian government hackers are using Telegram to steal data from dissidents, opposition groups, and journalists. They contact targets pretending to be known contacts or tech support, tricking them into downloading malware disguised as legitimate apps. Once installed, the malware connects victims to Telegram bots, allowing hackers to remotely control devices, steal files, take screenshots, and record calls. These attacks are linked to Iran's Ministry of Intelligence and Security and aim to further the regime's geopolitical agenda.
Read at TechCrunch