ResokerRAT is a newly discovered remote access trojan. It uses Telegram's bot API as its main channel for communicating with infected Windows machines and monitoring them without the user's knowledge.

Its capabilities include taking screenshots, downloading additional files, turning off Windows security prompts, and blocking diagnostic tools such as Task Manager. K7 Security Labs analysts found the malware and reported that one of its first actions on execution is to create a mutex named "Global\ResokerSystemMutex" using the Windows CreateMutexW API. The malware builds a URL from a hardcoded bot token and chat ID and uses it to poll Telegram repeatedly for new instructions.

Before sending collected data, the malware URL-encodes it to hide the content so that it can pass through network filters undetected.

Network capture analysis confirmed this repeating traffic pattern. The /screenshot command is one of the most invasive remote commands. Users and security teams should watch the Windows Run registry key closely for entries that should not be there.

Watch for unknown processes sending HTTPS traffic to api.telegram.org. To lower the risk of infection, keep systems and software up to date, avoid executable files from untrusted sources, and treat any sudden inability to open Task Manager as a warning sign.
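The two monitoring checks above can be combined into one triage pass over Sysmon-style events. This is an added example, not code from K7 Security Labs or the original article. It assumes events already parsed into dictionaries with Sysmon field names; the sample events, file paths and allowlist entry are constructed and hypothetical.

```python
import re

# Sysmon event IDs: 3 = network connection, 13 = registry value set, 22 = DNS query.
TELEGRAM_HOST = "api.telegram.org"
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
# Assumption: a hypothetical in-house bot that is expected to call the Bot API.
ALLOWED_IMAGES = {r"c:\ops\alertbot\alertbot.exe"}

SAMPLE_EVENTS = [  # constructed for illustration, not taken from a real host
    {"EventID": 22, "Image": r"C:\Users\bob\AppData\Roaming\updater.exe",
     "QueryName": "api.telegram.org"},
    {"EventID": 3, "Image": r"C:\Users\bob\AppData\Roaming\updater.exe",
     "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\updater.exe"},
    {"EventID": 3, "Image": r"C:\ops\alertbot\alertbot.exe",
     "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Program Files\Sync\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sync",
     "Details": r"C:\Program Files\Sync\sync.exe"},
]

def triage(events, allowed=ALLOWED_IMAGES):
    """Map each process image to the set of indicators it matched."""
    beacons, run_writes = set(), []
    for ev in events:
        image = ev.get("Image", "").lower()
        host = (ev.get("DestinationHostname") or ev.get("QueryName") or "").lower().rstrip(".")
        if ev.get("EventID") in (3, 22) and host == TELEGRAM_HOST:
            if image not in allowed:
                beacons.add(image)
        elif ev.get("EventID") == 13 and RUN_KEY.search(ev.get("TargetObject", "")):
            run_writes.append((image, ev.get("Details", "").lower()))
    findings = {image: {"telegram_api_traffic"} for image in beacons}
    for writer, data in run_writes:
        findings.setdefault(writer, set()).add("run_key_write")
        for image in beacons:
            if image in data:  # Run value launches a process that also beacons
                findings[image].add("run_key_target")
    return findings

def high_priority(findings):
    """Processes matching both indicators: Telegram traffic plus Run-key persistence."""
    return sorted(i for i, reasons in findings.items() if len(reasons) >= 2)

if __name__ == "__main__":
    for image, reasons in sorted(triage(SAMPLE_EVENTS).items()):
        print(image, sorted(reasons))
```

A Run-key write on its own is common for legitimate installers, so the correlation with Telegram API traffic is what raises a process to high priority.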
