- Hackers are experimenting with a new Telegram‑focused session stealer that hides in a Pastebin‑hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not att…
- Hackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied …
- APT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense‑related targets. The operation shows a continu…
- New analysis of a fake Telegram installer uploaded to MalwareBazaar shows Silver Fox expanding its ValleyRAT operations with a fresh delivery chain that hides behind a Chinese-language pack-decoy and an uncommon ZPAQ-based packer. The MSI is a WiX-buil…
- A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker‑owned server. By blending in with leg…
- Hackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a powerful toolkit that combines remote access, data theft, surveillance, and even prank-based disr…
- Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a traditional command‑and‑control (C2) server, ResokerR…
- A fast-evolving information‑stealing malware dubbed “Torg Grabber” has shifted from simple Telegram‑based exfiltration to a hardened, encrypted REST API command‑and‑control (C2) channel fronted by Cloudflare. The operation surfaced when a 747 KB 6…
- Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system. The malicious package, pyronut, was uploaded to PyPI …
- A newly discovered malware campaign is exploiting user trust in Telegram by distributing a trojanized installer through a typosquatted website, telegrgam[.]com. The site closely mimics the official Telegram download portal and delivers a malicious exec…


