DeepSec 2022 Talk: Malware And Exfiltration : A Telegram Story – Godwin Attigah
Exfiltration and command and control are essential parts of the adversary’s kill chain. One of the primary goals of a malicious adversary is to exfiltrate data from an environment undetected and uninterrupted. As a result, several attackers have opted for third-party services typically sanctioned for most enterprises. The accepted status of such applications coupled with an established developer ecosystem makes services such as Slack and Telegram suitable for their exfiltration and command-and-control tool of choice. We have observed the usage of Telegram in different malicious activities including but not limited to ransomware, phishing, remote access trojans and stealers. We will discuss active samples found in the wild with a particular emphasis on stealers. Stealers are a class of malware that is primarily interested in gathering information on a host. Recent examples of Telegram in