Security researchers have surfaced a new Remote Access Trojan (RAT) called T-RAT that has been circulating widely on a Russian-speaking hacker forum. While it is cheap and can steal data like other RATs, it is primarily advertised on one feature: it can be controlled through a Telegram channel. It lets operators run 98 commands, ranging from hijacking to spoofing data.
New RAT Controllable From Telegram
Remote Access Trojans are secondary tools that are deployed onto target systems through a backdoor and are used to spy on those systems and steal data from them. The new RAT, named T-RAT and sold on Russian-speaking underground forums, does just that, but it is popular for something else.
Priced at just $45, T-RAT is being sold with the claim that it is controllable through a Telegram channel. And indeed, it is. This gives the operator (the buyer) much more flexibility, since he can control the trojan from his phone rather than through a web-based administration panel, which often needs a computer.
The makers of T-RAT claim it can be activated easily through their dedicated Telegram channel as soon as it enters the target system. From there, the operator can control the RAT with 98 commands, each with its own function, such as recording audio, deploying keyloggers, browsing the target's filesystem, and detecting the location of sensitive data.
Further, he can take screenshots and webcam pictures, retrieve browser cookies and saved passwords, and steal clipboard contents. What's notable here is the ability to replace long strings like cryptocurrency wallet addresses with his own data, thus hijacking the movement of funds and eventually stealing cryptocurrencies like WME, WMX, BTC, Ripple, BTCG, WMR, WMZ, Qiwi, Dogecoin, and Tron.
It can also steal regular money from Yandex Money, Payeer, and CC. Further, it is capable of running terminal commands in PowerShell and Command Prompt to block the target from reaching certain websites, such as antivirus sites, to kill processes such as security scans, and to disable the taskbar or Task Manager completely.
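Because the trojan is controlled through Telegram, one defensive check is to look for endpoints where an unexpected process keeps contacting Telegram. The following is an added example, not part of the original article or of any vendor tooling. It assumes a proxy or EDR network log with the constructed format `timestamp,endpoint,process,destination_host`, that the control traffic reaches a `telegram.org` hostname, and a hypothetical allowlist of processes expected to talk to Telegram.

```python
import csv
from collections import Counter
from io import StringIO

# Assumption: processes that legitimately reach Telegram on this estate.
EXPECTED_PROCESSES = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample log: timestamp,endpoint,process,destination_host
SAMPLE_LOG = """\
2020-01-01T09:00:01,WS-014,chrome.exe,web.telegram.org
2020-01-01T09:00:05,WS-022,svchost32.exe,api.telegram.org
2020-01-01T09:00:35,WS-022,svchost32.exe,api.telegram.org
2020-01-01T09:01:05,WS-022,svchost32.exe,API.Telegram.org.
2020-01-01T09:01:35,WS-022,svchost32.exe,api.telegram.org
2020-01-01T09:02:00,WS-022,svchost32.exe,example.com
2020-01-01T09:02:10,WS-031,powershell.exe,api.telegram.org
2020-01-01T09:02:11,WS-040,updater.exe,nottelegram.org
truncated line without enough fields
"""

def is_telegram_host(host):
    """True for telegram.org and its subdomains, ignoring case and a trailing dot."""
    host = host.strip().lower().rstrip(".")
    return host == "telegram.org" or host.endswith(".telegram.org")

def find_suspect_telegram_clients(log_text, min_hits=3):
    """Return {(endpoint, process): count} for non-allowlisted processes
    that contacted Telegram at least min_hits times."""
    hits = Counter()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:  # skip malformed or truncated records
            continue
        _ts, endpoint, process, dest = (field.strip() for field in row)
        if is_telegram_host(dest) and process.lower() not in EXPECTED_PROCESSES:
            hits[(endpoint, process)] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for (endpoint, process), n in find_suspect_telegram_clients(SAMPLE_LOG).items():
        print(f"{endpoint}: {process} contacted Telegram {n} times")
```

The `min_hits` threshold trades noise against sensitivity: a single hit from a script may be a legitimate notification bot, while repeated contact from an unfamiliar binary is worth triage.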