
Russian malware found with Telegram hacks for C2 operations

Abusing Telegram API for C2 communications

According to the researchers, the C2 communication established by the malware can easily be mistaken for legitimate Telegram API traffic, which makes it difficult to detect.

“Although the usage of cloud applications as C2 channels is not something we see every day, it’s a very effective method used by attackers not only because there’s no need to implement a whole infrastructure for it, making attackers’ lives easier, but also because it’s very difficult, from a defender’s perspective, to differentiate what is a normal user using an API and what is a C2 communication,” the researchers noted.

The backdoor uses Telegram as its C2 mechanism through an open-source Go package that interacts with the Telegram Bot API, the blog post added. It first creates a bot instance using Telegram’s BotFather feature, which allows creating, managing, and configuring Telegram bots.
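Because Bot API calls look like any other HTTPS request to api.telegram.org, one defensive starting point is to pull them out of web-proxy logs and look at who is calling which bot methods. The following is an added example, not code from the article or from the researchers it cites; it assumes a hypothetical proxy log format (time, client IP, HTTP method, URL) and uses a made-up bot token. The heuristic, that an endpoint polling `getUpdates` in a loop or calling upload methods is behaving like a bot client rather than a Telegram user, is the author's assumption, not a claim from the article.

```python
import re
from collections import Counter, defaultdict

# Constructed web-proxy log lines (hypothetical format: time client_ip method url).
# The bot token is made up; real tokens have the shape <bot_id>:<secret>.
SAMPLE_LOGS = [
    "2021-03-01T10:00:01Z 10.0.0.5 POST https://api.telegram.org/bot123456:AAexample_token-1/getUpdates",
    "2021-03-01T10:00:31Z 10.0.0.5 POST https://api.telegram.org/bot123456:AAexample_token-1/getUpdates",
    "2021-03-01T10:01:01Z 10.0.0.5 POST https://api.telegram.org/bot123456:AAexample_token-1/getUpdates",
    "2021-03-01T10:01:05Z 10.0.0.5 POST https://api.telegram.org/bot123456:AAexample_token-1/sendDocument",
    "2021-03-01T10:02:00Z 10.0.0.9 GET https://web.telegram.org/k/",
    "2021-03-01T10:02:10Z 10.0.0.7 GET https://api.telegram.org/bot777:AAother_token/getMe",
]
# Telegram Bot API URLs have the shape https://api.telegram.org/bot<id>:<secret>/<method>.
BOT_API_RE = re.compile(r"https://api\.telegram\.org/bot(\d+):[A-Za-z0-9_-]+/(\w+)")
# Methods that move data out of the network when called from an endpoint.
OUTBOUND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

def parse_line(line):
    """Return (client_ip, bot_id, method) for a Bot API call, or None otherwise."""
    parts = line.split()
    if len(parts) != 4:
        return None
    m = BOT_API_RE.match(parts[3])
    if not m:
        return None
    return parts[1], m.group(1), m.group(2)

def summarize(lines):
    # Count Bot API methods per (client_ip, bot_id) pair.
    calls = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            host, bot_id, method = parsed
            calls[(host, bot_id)][method] += 1
    return calls

def flag_suspicious(lines, poll_threshold=3):
    """Flag (host, bot_id) pairs that poll getUpdates repeatedly or upload data."""
    findings = []
    for (host, bot_id), methods in sorted(summarize(lines).items()):
        reasons = []
        if methods["getUpdates"] >= poll_threshold:
            reasons.append("polls getUpdates %d times" % methods["getUpdates"])
        sent = sum(methods[m] for m in OUTBOUND_METHODS)
        if sent:
            reasons.append("sends %d message/file uploads" % sent)
        if reasons:
            findings.append((host, bot_id, reasons))
    return findings
```

On the constructed sample, only 10.0.0.5 is flagged; the host that browses web.telegram.org and the one that calls `getMe` once are not.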
