Cryptopolitan, October 26, 2025

Hackers turn Telegram messenger into malware vector

Hackers are now weaponizing the Telegram messenger with malware to gain control over victims' accounts. According to reports, the hackers are using a backdoor planted in a maliciously modified version of the Telegram X app. The backdoor grants them complete control over their victims' accounts and allows them to operate without detection. According to the reports, the malware is delivered to devices through deceptive in-app advertisements and third-party app stores that masquerade as legitimate dating and communication apps. The threat represents a significant escalation in mobile malware distribution, with the backdoor spreading across 58,000 infected devices. In addition, it has also spread across more than 3,000 smartphones, tablets, TV boxes and some Android-based vehicle systems.

Hackers weaponize Telegram with malware to gain access

The report claims that the backdoor distribution started in 2024.

The hackers primarily target Brazilian and Indonesian users through Portuguese- and Indonesian-language ads. Victims come across advertisements within the mobile application which redirect them to fake app catalogs featuring fake reviews and promotional banners advertising free video chats and dating services. These fake websites deliver malware-infused apps that look the same as the legitimate app. Apart from the malicious websites, the backdoor has also infiltrated established third-party repositories including APKPure, ApkSum and AndroidP, where it is deceptively posted under the official messenger developer's name despite carrying a different digital signature.
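The detail that the repackaged builds carry the developer's name but a different digital signature is the one reliable indicator a defender can act on: the APK signing certificate cannot be copied by whoever repackages the app. The following is an added example, not code from the article or from any vendor report, showing how to pin the genuine signer's certificate digest and classify a download from the output of the real `apksigner verify --print-certs` tool (part of the Android SDK build-tools). The pinned digest and both sample outputs are constructed placeholders; a real deployment pins the digest taken from a known-good install.

```python
import re
import subprocess

# Pinned SHA-256 certificate digest of the genuine developer's signing key.
# CONSTRUCTED PLACEHOLDER for this example: a real check pins the digest taken
# from a known-good install, never from the download being checked.
PINNED_SIGNER_SHA256 = "0123456789abcdef" * 4

# apksigner prints one line per signer in this form:
#   Signer #1 certificate SHA-256 digest: <64 hex chars>
DIGEST_RE = re.compile(
    r"Signer #(\d+) certificate SHA-256 digest:\s*([0-9a-fA-F]{64})"
)


def signer_digests(apksigner_output):
    """Return the lower-cased SHA-256 certificate digests apksigner reported."""
    return [d.lower() for _, d in DIGEST_RE.findall(apksigner_output)]


def classify_apk(apksigner_output, pinned=PINNED_SIGNER_SHA256):
    """Classify an APK from `apksigner verify --print-certs` output.

    Returns one of:
      "unsigned"    - no signer digest found (verification failed or no cert)
      "genuine"     - every signer matches the pinned official certificate
      "repackaged"  - signed, but by a certificate other than the pinned one
    """
    digests = signer_digests(apksigner_output)
    if not digests:
        return "unsigned"
    if all(d == pinned.lower() for d in digests):
        return "genuine"
    return "repackaged"


def check_apk_file(path, pinned=PINNED_SIGNER_SHA256):
    """Run the real apksigner tool on `path` and classify the result.

    Requires apksigner on PATH; not exercised by the embedded sample below.
    """
    proc = subprocess.run(
        ["apksigner", "verify", "--print-certs", path],
        capture_output=True, text=True, check=False,
    )
    return classify_apk(proc.stdout, pinned)


# Constructed apksigner outputs, not real tool runs: one build signed with the
# pinned key, and one repackaged build that reuses the developer's name in the
# certificate subject (DN) but is signed with a different key.
GENUINE_OUTPUT = """\
Signer #1 certificate DN: CN=Example Messenger Developer, O=Example
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signer #1 certificate SHA-1 digest: 0123456789abcdef0123456789abcdef01234567
"""

REPACKAGED_OUTPUT = """\
Signer #1 certificate DN: CN=Example Messenger Developer, O=Example
Signer #1 certificate SHA-256 digest: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Signer #1 certificate SHA-1 digest: ffffffffffffffffffffffffffffffffffffffff
"""

if __name__ == "__main__":
    for name, out in (("genuine", GENUINE_OUTPUT), ("repackaged", REPACKAGED_OUTPUT)):
        print(name, "->", classify_apk(out))
```

The point of the check is that it ignores the certificate's subject name entirely: a repackager can put any name in the DN, but cannot reproduce the digest of a certificate whose private key they do not hold.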

The report identified the malware as having an exceptional capability to steal confidential information, including login credentials, passwords and complete chat histories. The backdoor also hides indicators of account compromise by concealing third-party device connections from the active Telegram session list. In addition, it is capable of removing or adding its victims to channels and chats without their approval, disguising these actions entirely and transforming compromised accounts into tools for artificially inflating Telegram channel membership. What sets it apart from conventional Android threats is its use of the Redis database for command-and-control (C2) communication. Earlier versions of the malware relied on traditional C2 servers, but the developers have since integrated Redis-based command channels.

Malware manipulates functionalities without detection

The report claims that the backdoor uses multiple techniques to manipulate messenger functionalities without being detected. For operations that won't interfere with core app features, the hackers use already prepared mirrors of messenger methods, which are separate code blocks responsible for specific tasks within the Android program. This mirroring allows the app to display phishing messages within windows that perfectly replicate the original Telegram X interface.

For other operations that require deeper integration, the malware uses the Xposed framework to modify the app's methods, enabling abilities like hiding specific chats, concealing authorized devices and intercepting clipboard contents.

The backdoor malware uses the Redis channels and C2 servers to receive extensive commands, including uploading SMS, contacts and clipboard contents whenever a user minimizes or restores the messenger. Clipboard monitoring is used by the hackers to steal data such as crypto wallet passwords, mnemonic phrases or confidential business communications that were unknowingly copied.
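Because the command channel rides on Redis, the implant's traffic is ordinary RESP (the Redis wire protocol) rather than HTTP, and a phone or TV box opening an outbound Redis connection and issuing SUBSCRIBE or PUBLISH is itself anomalous. The following is an added example, not code from the article or any vendor report: a small RESP decoder that walks a captured client-to-server byte stream and lists the Pub/Sub commands and channel names in it. The sample stream, channel names and password are constructed for the example, not captured from the malware.

```python
# Minimal RESP (Redis wire protocol) decoder for inspecting a captured outbound
# stream from a device. Sample bytes below are constructed, not real captures.

PUBSUB_COMMANDS = {"SUBSCRIBE", "PSUBSCRIBE", "SSUBSCRIBE", "PUBLISH", "SPUBLISH"}


def parse_resp(buf, pos=0):
    """Parse one RESP value starting at buf[pos]; return (value, new_pos)."""
    kind = buf[pos:pos + 1]
    end = buf.index(b"\r\n", pos)
    line = buf[pos + 1:end]
    nxt = end + 2
    if kind in (b"+", b"-"):            # simple string / error
        return line.decode(), nxt
    if kind == b":":                    # integer
        return int(line), nxt
    if kind == b"$":                    # bulk string: "$<len>\r\n<bytes>\r\n"
        n = int(line)
        if n == -1:                     # null bulk string
            return None, nxt
        data = buf[nxt:nxt + n]
        if buf[nxt + n:nxt + n + 2] != b"\r\n":
            raise ValueError("bulk string not CRLF-terminated")
        return data.decode(), nxt + n + 2
    if kind == b"*":                    # array: "*<count>\r\n" then elements
        items = []
        for _ in range(int(line)):
            item, nxt = parse_resp(buf, nxt)
            items.append(item)
        return items, nxt
    raise ValueError("unknown RESP type byte %r at offset %d" % (kind, pos))


def resp_commands(stream):
    """Decode every client command (a RESP array of bulk strings) in a stream."""
    cmds, pos = [], 0
    while pos < len(stream):
        value, pos = parse_resp(stream, pos)
        if isinstance(value, list) and value:
            cmds.append([str(v) for v in value])
    return cmds


def pubsub_activity(stream):
    """Return (command, channel) pairs for the Pub/Sub commands in a stream."""
    hits = []
    for cmd in resp_commands(stream):
        name = cmd[0].upper()
        if name in PUBSUB_COMMANDS and len(cmd) > 1:
            hits.append((name, cmd[1]))
    return hits


def encode_command(*args):
    """Encode a client command as a RESP array; used only to build the sample."""
    out = b"*%d\r\n" % len(args)
    for a in args:
        a = a.encode()
        out += b"$%d\r\n%s\r\n" % (len(a), a)
    return out


# Constructed client-to-server stream: authenticate, subscribe to a command
# channel, publish a result, keep-alive. Names and password are invented.
SAMPLE_CLIENT_STREAM = (
    encode_command("AUTH", "example-password")
    + encode_command("SUBSCRIBE", "cmd-channel")
    + encode_command("PUBLISH", "results", "{\"status\":\"ok\"}")
    + encode_command("PING")
)

if __name__ == "__main__":
    for name, channel in pubsub_activity(SAMPLE_CLIENT_STREAM):
        print("Pub/Sub command from client: %s %s" % (name, channel))
```

In a detection pipeline this decoder would run over reassembled TCP payloads to a Redis port from the mobile device segment; the SUBSCRIBE channel name is a useful pivot because every infected device must subscribe to the same operator-controlled channel to receive commands.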

The backdoor collects device information, installed application data, message histories and authentication tokens and transmits the information to the hackers every three minutes, all while maintaining the appearance of a normal Telegram messenger app.
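A fixed three-minute exfiltration cadence is exactly the kind of regularity that network-side beacon detection can surface, since legitimate messenger traffic is driven by user activity and does not keep a metronome. The following is an added example, not code from the article or any vendor report: it groups flow records by source and destination, computes the gaps between consecutive connections, and flags pairs whose gaps are numerous and nearly constant (low coefficient of variation). The flow records, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow records, not from the report: "<ISO time> <src> <dst> <bytes>".
# 10.0.0.12 -> 203.0.113.5 repeats every 180 s; the other destination is
# irregular user-driven traffic.
SAMPLE_FLOWS = """\
2025-10-26T10:00:00 10.0.0.12 203.0.113.5 1840
2025-10-26T10:01:10 10.0.0.12 198.51.100.7 420
2025-10-26T10:03:00 10.0.0.12 203.0.113.5 1902
2025-10-26T10:06:00 10.0.0.12 203.0.113.5 1875
2025-10-26T10:07:45 10.0.0.12 198.51.100.7 560
2025-10-26T10:09:00 10.0.0.12 203.0.113.5 1866
2025-10-26T10:12:00 10.0.0.12 203.0.113.5 1890
2025-10-26T10:15:00 10.0.0.12 203.0.113.5 1851
2025-10-26T10:21:30 10.0.0.12 198.51.100.7 300
"""


def parse_flows(text):
    """Parse the simple flow-log format above into (time, src, dst, bytes)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return flows


def beacon_candidates(flows, min_flows=4, max_cv=0.2):
    """Return {(src, dst): (mean_gap_seconds, cv)} for periodic pairs.

    A pair qualifies when it has at least `min_flows` connections and the
    coefficient of variation of the inter-connection gaps is at most `max_cv`.
    The cv tolerance absorbs modest jitter; 0.2 is an assumed starting point,
    not a value from the report.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)

    result = {}
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            result[pair] = (round(avg, 1), round(cv, 3))
    return result


if __name__ == "__main__":
    for (src, dst), (gap, cv) in beacon_candidates(parse_flows(SAMPLE_FLOWS)).items():
        print("%s -> %s beacons every %.0f s (cv=%.3f)" % (src, dst, gap, cv))
```

Over a longer window the same statistic also catches implants that add random jitter, because jitter raises the variation of the gaps without removing the underlying period; the threshold is what trades false positives for sensitivity.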
