A new Golang-based backdoor uses Telegram as its command-and-control (C2) communication mechanism. It may have Russian roots, according to Netskope Threat Labs. The malware is designed to check whether it is running under a particular name and from a particular location.
If not, it reads its own contents, writes them to that location, creates a new process to start the copied version, and then terminates itself. "The malware is compiled in Golang and once executed it acts like a backdoor," according to an analysis released last week by security researcher Leandro Fróes. He added that attackers are aware of the use of cloud apps in cyberattacks. "Although the malware seems to still be under development it is completely functional," he stated.
According to Fróes, "other factors like how simple it is to set and start the use of the app are examples of why attackers use applications like that in different phases of an attack." "The use of cloud apps presents a complex challenge to defenders and attackers are aware of it," he continued.











