66/68 Tuesday, February 18, 2025

Security researchers from Netskope Threat Labs have discovered a new backdoor written in Golang that uses the Telegram Bot API as its command-and-control (C2) channel: the operator sends commands and receives output as ordinary messages in a Telegram chat, so the implant needs no attacker-owned server. Researchers believe the malware may be of Russian origin, as some strings in its code are written in Russian.
The malware first checks whether it is running from “C:\Windows\Temp\svchost.exe”. If not, it copies itself to that location and executes the new copy; the file name mimics the legitimate Windows service host (which normally runs from C:\Windows\System32), helping it blend in with normal process listings. It supports four commands:
- /cmd – Executes commands via PowerShell
- /persist – Relaunches itself from C:\Windows\Temp\svchost.exe
- /screenshot – Placeholder; not yet implemented
- /selfdestruct – Deletes itself and terminates execution
Researchers warn that attackers favor cloud-based platforms like Telegram as C2 infrastructure because they are easy to set up and free to use, and because the resulting traffic is HTTPS to a widely used, reputable domain (api.telegram.org), which is hard to distinguish from legitimate use and unlikely to be blocked outright.
To mitigate this threat, organizations should monitor for abnormal system behavior (for example, a binary named svchost.exe executing from C:\Windows\Temp, or PowerShell spawned by a process in that directory), inspect outbound connections to api.telegram.org from processes that have no business using Telegram, and enforce stricter policies on which cloud applications endpoints may reach.
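The following is an added example, not code from Netskope or the article, showing how the indicators above can be turned into detection logic. It runs three rules over constructed Sysmon-style events (process creation, Event ID 1; network connection, Event ID 3): svchost.exe executing outside System32/SysWOW64, PowerShell spawned by a binary in C:\Windows\Temp (the /cmd handler), and connections to api.telegram.org from a process that is not a known Telegram client. The event field names follow Sysmon conventions, the allow-list of expected Telegram clients is an assumption for the example, and the sample log lines are fabricated for illustration.

```python
"""Detection rules for the Telegram-controlled Go backdoor, run over
constructed Sysmon-style JSON events (added example; sample data is made up)."""
import json
from pathlib import PureWindowsPath

# Directories where the legitimate Windows service host lives.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Staging directory the backdoor copies itself into.
STAGING_DIR = r"c:\windows\temp"
# Telegram Bot API endpoint; traffic is HTTPS, so only the host name is visible.
TELEGRAM_API_HOST = "api.telegram.org"
# Processes for which Telegram traffic is expected (assumed allow-list for this example).
EXPECTED_TELEGRAM_CLIENTS = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def _dir_of(image: str) -> str:
    """Lower-cased parent directory of a Windows image path (works on any OS)."""
    return str(PureWindowsPath(image).parent).lower()


def _name_of(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def check_process_create(ev: dict) -> list:
    """Rules for a process-creation event (Sysmon Event ID 1 shape)."""
    findings = []
    image = ev["Image"]
    parent = ev.get("ParentImage", "")
    # Rule 1: svchost.exe masquerade; the backdoor runs from C:\Windows\Temp.
    if _name_of(image) == "svchost.exe" and _dir_of(image) not in LEGIT_SVCHOST_DIRS:
        findings.append(("svchost_outside_system32", image))
    # Rule 2: PowerShell whose parent lives in the staging directory (/cmd handler).
    if _name_of(image) in {"powershell.exe", "pwsh.exe"} and _dir_of(parent) == STAGING_DIR:
        findings.append(("powershell_child_of_temp_binary", parent))
    return findings


def check_network_connect(ev: dict) -> list:
    """Rules for a network-connection event (Sysmon Event ID 3 shape)."""
    findings = []
    image = ev["Image"]
    host = ev.get("DestinationHostname", "").lower()
    # Rule 3: Telegram Bot API contacted by something that is not a known Telegram client.
    if host == TELEGRAM_API_HOST and _name_of(image) not in EXPECTED_TELEGRAM_CLIENTS:
        findings.append(("telegram_api_from_unexpected_process", image))
    return findings


def load_events(text: str) -> list:
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def scan(events: list) -> list:
    """Apply every rule to every event; returns (rule_name, offending_path) tuples."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1:
            findings.extend(check_process_create(ev))
        elif ev["EventID"] == 3:
            findings.extend(check_network_connect(ev))
    return findings


# Constructed sample log: one benign and one malicious line per rule.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\Windows\\System32\\services.exe"}
{"EventID": 1, "Image": "C:\\Windows\\Temp\\svchost.exe", "ParentImage": "C:\\Users\\alice\\Downloads\\invoice.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\Temp\\svchost.exe", "CommandLine": "powershell -c whoami"}
{"EventID": 3, "Image": "C:\\Windows\\Temp\\svchost.exe", "DestinationHostname": "api.telegram.org", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Program Files\\Telegram Desktop\\Telegram.exe", "DestinationHostname": "api.telegram.org", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "example.com", "DestinationPort": 443}
"""

if __name__ == "__main__":
    for rule, path in scan(load_events(SAMPLE_LOG)):
        print(f"{rule}: {path}")
```

Rule 3 is the one worth tuning in a real deployment: Telegram Desktop and browsers legitimately reach api.telegram.org, so the allow-list (or a baseline of which processes normally contact the host) is what keeps the rule from paging on every employee who uses Telegram. Rules 1 and 2 are cheap and high-fidelity because a real svchost.exe never runs from Temp and rarely has PowerShell as a child.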
Source https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html