
Hackers are using popular chat apps to control malware operation

June 8th, 2017 | Jahanzaib Hassan | Security, Technology News

Yesterday, a group of IT security researchers revealed that Russian hackers are controlling a malware operation through the official Instagram account of the world-renowned singer Britney Spears.

Now, research conducted by Trend Micro has revealed that hackers could use third-party chat applications such as Slack, Discord, and Telegram as command-and-control (C&C) centers to host malware on a victim’s system.


The pervasive use of chatting apps

Third-party chat apps such as Slack have been growing in use among large and small corporations alike because of the convenience with which the platforms allow communication and collaboration. However, researchers at Trend Micro discovered (PDF) that the APIs of these platforms could be exploited to serve as C&C centers for different types of malware.

APIs as the key beneficiary

An application programming interface, or API for short, is a set of tools and protocols that allows apps to be integrated with other primary systems so that they can be used in a complete and seamless manner.

That is, with the use of APIs, the functionality of primary systems can be enhanced. It is perhaps because of this that businesses are so obsessed with apps like Slack, which allow them to easily integrate the advanced functionality of the chat platform with their primary system.

This relieves staff of having to use different apps for different functions and thus makes communication much smoother.

However, it seems that these same APIs can be manipulated by attackers to turn innocuous apps into malicious C&C centers, which the attacker can use to communicate with the malware and launch attacks accordingly.

These exploits can appear legit

The main threat to businesses and users operating such third-party apps is that these attacks slip past security tools. That is, attackers can turn the entire app into a C&C system without being detected by any anti-malware or security software.

This is because, in essence, the attacker is simply using a chat app to communicate, albeit with malware. Hence, the mere act of communicating is not caught by the relevant security protocols, implying that the attacker can launch any attack conveniently.

Why is it more dangerous than normal malware?

Reports say that normal ransomware is executed using an automated algorithm. That is, ransomware controls itself using pre-defined code and therefore harms a computer as directed by that code. This means there is no human intervention.

In the case of chat apps being used as C&C systems, attackers can manipulate the malware as they wish once the infection has been injected into a victim’s system. They only need to sign up to these apps like a normal user and start commanding the malware to perform all sorts of vicious attacks.

Hence, rather than being automated, the malware can be controlled to do anything the attacker wants it to. This makes it far more dangerous than normal ransomware attacks.

“The malware we found currently taking advantage of Telegram and Discord are proof of this. And it is not a remote possibility that we will see more and more examples of chat platform API abuse in the near future. For example, instead of writing a custom interface from scratch to communicate with a ransomware victim, a cybercriminal may just opt to use a third-party chat client wrapped in a custom chat window that opens a web socket to the appropriate channel. He can then immediately walk the victim through the payment process and start with the decryption once the ransom is paid,” said Trend Micro.

How to stay secure?

Perhaps the only way to remain secure is to keep monitoring any changes in the data being transmitted through the apps. Businesses also need to secure their networks by installing anti-virus and other anti-malware tools.
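The monitoring advice above can be made concrete as a detection rule. The following is an added example, not taken from the article or from Trend Micro's research: it flags processes outside an approved list that contact the API hosts of the chat platforms named here, and marks near-constant request intervals. The hostnames, approved process list, log format and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: API hostnames of the three platforms the article names.
CHAT_API_HOSTS = {"api.telegram.org", "slack.com", "discord.com", "discordapp.com"}
# Assumption: processes a hypothetical organisation allows to reach those hosts.
APPROVED = {"slack.exe", "telegram.exe", "discord.exe", "chrome.exe"}

# Constructed endpoint network telemetry: epoch_seconds,host,process,dest
SAMPLE_LOG = """\
1000,ws-014,slack.exe,slack.com
1012,ws-014,chrome.exe,discord.com
1030,ws-022,svchelper.exe,api.telegram.org
1090,ws-022,svchelper.exe,api.telegram.org
1150,ws-022,svchelper.exe,api.telegram.org
1210,ws-022,svchelper.exe,api.telegram.org
1300,ws-031,updater.exe,example.org
1400,ws-031,python.exe,discordapp.com
"""

def find_suspect_chat_api_use(log_text, approved=APPROVED):
    """Return findings for unapproved processes contacting chat-platform APIs."""
    seen = defaultdict(list)  # (host, process, dest) -> request timestamps
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[0].isdigit():
            continue  # skip blank or malformed rows
        ts, host, process, dest = row
        process, dest = process.lower(), dest.lower()
        if dest in CHAT_API_HOSTS and process not in approved:
            seen[(host, process, dest)].append(int(ts))
    findings = []
    for (host, process, dest), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Near-constant gaps over several requests suggest automated polling.
        periodic = len(gaps) >= 3 and pstdev(gaps) <= 0.1 * mean(gaps)
        findings.append({"host": host, "process": process, "dest": dest,
                         "requests": len(stamps), "periodic": periodic})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_chat_api_use(SAMPLE_LOG):
        print(finding)
```

A finding is a lead for triage rather than a verdict, since scripts and integrations legitimately call these APIs; the approved list needs to reflect what is actually deployed.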

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.