The latest hacker trick uses an installer for the popular messaging app Telegram to deliver Trojan malware to Windows systems.
Trojan software installs a backdoor: a hidden entry point that lets attackers enter and leave users' systems at will, spy on them, and even disable their devices.
New research published by Minerva Labs describes the attack as different from other attacks that usually take advantage of popular programs to launch malware.
The strength of this threat lies in keeping most of the attack hidden: it is split into several small files, most of which antivirus programs struggled to detect, and its final step installs a backdoor known as the Purple Fox rootkit, according to researcher Natalie Zargarov.
Purple Fox was first discovered in 2018 and comes with capabilities that let malware be planted without security software noticing it.
A report by the security firm Guardicore detailed the features of this backdoor that allow it to spread more quickly.
The researchers noted that “the rootkit capabilities of Purple Fox make it more capable of achieving its goals in a more covert manner, and also allow it to persist in affected systems.”
The new series of attacks observed by Minerva begins with a Telegram installer file, which installs the chat application but also carries a malicious downloader called TextInputh. Once installed, this program downloads further malware from the attacker's server.
These downloaded programs then block the processes associated with various antivirus programs before moving on to the final step: downloading and running the Purple Fox rootkit from a remote server.