• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • March
  • 28
  • TeleRAT – Android Trojan Uses Telegram Bot API for C&C Communication

TeleRAT – Android Trojan Uses Telegram Bot API for C&C Communication

March 28, 2018March 26, 2018 Comments Off on TeleRAT – Android Trojan Uses Telegram Bot API for C&C Communication
how does telerat work telerat TeleRAT - Android Trojan Uses Telegram Bot API for C&C Communication telerat download

TeleRAT is the name of the latest Android Trojan that was discovered by researchers at Palo Alto Networks. The Trojan is designed to use Telegram Bot API for communication with its command and control server with the purpose of exfiltrating data.

The malware appears to be created in Iran, or is at least targeting individuals from that country. There are quite a few similarities the researchers found between TeleRAT and IRRAT Trojan, which was also abusing Telegram’s bot API for its communications.

Based on previous reports, it is known that Telegram’s Bot API was already being used to harvest information such as SMS, call history and file listings from targeted Android devices.

The majority of the apps we saw disguise themselves as an app that tells you how many views your Telegram profile received – needless to say, the information provided is inaccurate as Telegram doesn’t allow for populating any such information, the researchers wrote in their report.

How Does TeleRAT Function?

The Trojan creates and then populates several files on the device’s SD card, and later sends them to the upload server. This is the list of files:

– “[IMEI] numbers.txt”: Contact information
– “[IMEI]acc.txt”: List of Google accounts registered on the phone
– “[IMEI]sms.txt”: SMS history
– 1.jpg: Picture taken with the front-facing camera
– Image.jpg: Picture taken with back-facing camera

Once this is done, the Trojan reports back to the Telegram bot with the help of a beacon.

How did researchers find TeleRAT? While going through IRRAT samples, the team discovered another family of Android RATs that appeared to be originating from Iran. Not only did the piece use the Telegram API for command and control communications but it also exfiltrated stolen information.

Shortly said, TeleRAT is most likely an upgrade from IRRAT as it eliminates the possibility of network-based detection typically based on traffic to known upload servers.

“Aside from additional commands, this new family’s main differentiator to IRRAT is that it also uploads exfiltrated data using Telegram’s sendDocument API method”, Palo Alto’s report says.

In addition, the Trojan can be updated in two ways – through the getUpdates method which reveals the history of all the commands send to the bot, and through the use of a Webhook.

As to the distribution techniques it uses, the Trojan is using “seemingly legitimate applications in third-party Android app stores“. According to infection statistics provided by Palo Alto, 2,293 users were hit by this malware, with 82 percent of the victims having Iranian phone numbers.

Post navigation

GyoiThon – Machine Learning Penetration Testing
REXT – Router Exploitation Toolkit

Related Articles

NJ Man Attempted to Hire a Hitman on the Dark Web

NJ Man Attempted to Hire a Hitman on the Dark Web

- Dark Web News
February 5, 2023
Dutchman Sold Counterfeit Banknotes on the Dark Web

Dutchman Sold Counterfeit Banknotes on the Dark Web

- Dark Web News
February 4, 2023
A Guide to Crypto Self-Custody

A Guide to Crypto Self-Custody

- Dark Web News
February 1, 2023
hacker gadgets
hacker phone covers

Recent Posts

Heap_Detective - The Simple Way To Detect Heap Memory Pitfalls In C++ And C

Heap_Detective – The Simple Way To Detect Heap Memory Pitfalls In C++ And C

February 6, 2023
OneNoteAnalyzer: analyzing malicious OneNote documents

OneNoteAnalyzer: analyzing malicious OneNote documents

February 6, 2023
Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Winevt_Logs_Analysis – Searching .Evtx Logs For Remote Connections

February 5, 2023
NJ Man Attempted to Hire a Hitman on the Dark Web

NJ Man Attempted to Hire a Hitman on the Dark Web

February 5, 2023
PlumHound v1.5.1 releases: Bloodhound for Blue and Purple Teams

PlumHound v1.5.1 releases: Bloodhound for Blue and Purple Teams

February 4, 2023
EAST - Extensible Azure Security Tool - Documentation

EAST – Extensible Azure Security Tool – Documentation

February 4, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW