New Golang malware is hijacking Telegram to help itself spread

News
By published

Backdoor is using Telegram to receive commands

Telegram
(Image credit: Shutterstock)
  • Netskope uncovers new Go-built backdoor spreading malware
  • It uses Telegram as its C2 infrastructure to send commands
  • The backdoor is most likely of Russian origin, experts warn

A new backdoor threat has been spotted using Telegram as its command-and-control (C2) infrastructure, researchers have warned.

Cybersecurity researchers from Netskope observed a new backdoor built in Golang, also known as Go, a programming language best known for its simplicity, concurrency support, and efficiency in building scalable backend systems, cloud services, and networking applications.

The backdoor is capable of executing PowerShell commands, can self-destruct, and checks for and executes predefined commands. However, what makes it really stand out from the crowd is its C2 infrastructure - it uses a special function to create a bot instance, using a Telegram API token generated via Botfather. Then, it uses a separate function to continuously listen for incoming commands from a Telegram chat. Before executing any predefined actions, the malware verifies the received command’s validity.

Challenging defense

Using Telegram, or other cloud services, as a C2 server is nothing new, the researchers explained, but it is dangerous, since it is difficult for security pros to differentiate between malicious and benign information flow.

“Although the use of cloud apps as C2 channels is not something we see every day, it’s a very effective method used by attackers not only because there’s no need to implement a whole infrastructure for it, making attackers’ lives easier, but also because it’s very difficult, from a defender perspective, to differentiate what is a normal user using an API and what is a C2 communication,” Netskope said in the article.

Besides Telegram, threat actors often use OneDrive, GitHub, Dropbox, and similar cloud apps, making defenders’ lives difficult.

Netskope did not discuss the number of potential victims, but did stress that the malware is most likely of Russian origin.

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
GitHub Webpage
A cracked malicious version of a Go package lay undetected online for years
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Magnifying glass enlarging the word 'malware' in computer machine code
Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard
Illustration of a laptop with a magnifying glass exposing a beetle on-screen
Microsoft Outlook targeted by new malware attacks allowing sneaky hijacking
Close up of the Linux penguin.
A new Linux backdoor is hitting US universities and governments
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
Autonomous finance

Quickbooks vs Quicken: what are the main strengths and weaknesses for your business
See more latest
Most Popular
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Nokia 5G 360 Camera
This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks