Malware: Trojan
Command & Control: Telegram
Target Platform: Windows
T-RAT is a Windows remote access trojan (RAT) that uses Telegram as a Command & Control (C2) channel to monitor victims and steal their private data. The author of the malware highlights the integration capabilities of T-RAT as a selling point. This feature is what allows the infected hosts to be controlled and makes the malware easy to use.
Users of T-RAT enter their commands by typing them into the chat window of Telegram, a VoIP and instant messaging app. More than ninety commands are at the user's disposal, and they are capable of performing the following functions:
The malware can also interact with the Windows operating system via PowerShell and CMD to manipulate running processes, especially security-related ones. The RAT provides a second Command & Control channel via RDP/VNC.
T-RAT can also hijack crypto transactions by leveraging its clipboard access feature, targeting payment solutions like:
T-RAT is sold on various Russian-speaking underground forums, advertised with graphical illustrations of its features. The major selling point is its Telegram integration, which is used for C2 communications and makes the malware easy to deploy.
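A defender can hunt for the two behaviours described above together: a process that is not the Telegram client talking to Telegram, and that same process spawning PowerShell or CMD. The following is an added example, not code from the original page or from the malware; the event layout, the allowlist, the sample events and the use of the Bot API host `api.telegram.org` as the C2 endpoint are all assumptions.

```python
# Added example, not from the original page. Event layout, allowlist and
# sample data are constructed assumptions for illustration.
TELEGRAM_HOSTS = {"api.telegram.org"}   # assumption: C2 uses the Bot API host
ALLOWED_IMAGES = {"telegram.exe"}       # assumption: the legitimate client
SHELLS = {"powershell.exe", "cmd.exe"}  # interpreters named in the write-up

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()  # file name of a Windows path

def hunt(events):
    """Map (host, pid) -> finding for unexpected Telegram API clients."""
    findings = {}
    for ev in events:
        if ev["type"] != "net":
            continue
        if ev["dest"].lower().rstrip(".") not in TELEGRAM_HOSTS:
            continue
        if basename(ev["image"]) in ALLOWED_IMAGES:
            continue
        f = findings.setdefault((ev["host"], ev["pid"]), {
            "image": ev["image"], "connections": 0,
            "shells": [], "severity": "medium"})
        f["connections"] += 1
    # A flagged process that also spawns a shell matches the described
    # behaviour more closely, so raise its severity.
    for ev in events:
        if ev["type"] != "proc" or basename(ev["image"]) not in SHELLS:
            continue
        f = findings.get((ev["host"], ev["ppid"]))
        if f:
            f["shells"].append(basename(ev["image"]))
            f["severity"] = "high"
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "net", "host": "WS01", "pid": 4120, "dest": "api.telegram.org",
     "image": r"C:\Users\a\AppData\Roaming\Telegram Desktop\Telegram.exe"},
    {"type": "net", "host": "WS02", "pid": 3388, "dest": "api.telegram.org",
     "image": r"C:\Users\b\AppData\Local\Temp\svc_update.exe"},
    {"type": "net", "host": "WS02", "pid": 3388, "dest": "API.Telegram.org.",
     "image": r"C:\Users\b\AppData\Local\Temp\svc_update.exe"},
    {"type": "proc", "host": "WS02", "pid": 5012, "ppid": 3388,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "net", "host": "WS03", "pid": 777, "dest": "api.telegram.org",
     "image": r"C:\Tools\notify.exe"},
    {"type": "proc", "host": "WS03", "pid": 901, "ppid": 900,
     "image": r"C:\Windows\System32\cmd.exe"},
]
```

Matching the allowlist on file name alone is easy to spoof, so a production rule should check the full install path or the code-signing publisher instead.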