PowerShell Script on Pastebin Steals Telegram Session Data
Severity: Medium (Score: 51.9)
Sources: Cybersecuritynews, Gbhackers
Summary
Cybersecurity researchers have identified a malicious PowerShell script hosted on Pastebin that targets Telegram users by stealing session data from both the desktop and web clients. The script masquerades as a Windows telemetry update, so unsuspecting users are likely to run it. Unlike typical credential stealers, it focuses specifically on Telegram session data and makes no attempt to capture passwords or browser credentials. The attack relies on social engineering to get the user to execute the script. The scope of the impact is currently unclear, but it poses a significant risk to Telegram users who inadvertently run it. There are no reports of widespread exploitation so far, but the potential for targeted attacks remains high. Security professionals are advised to monitor for unusual activity related to Telegram sessions. The script's design offers insight into how such malicious tools are developed and tested.

Key Points:
• A PowerShell script on Pastebin is designed to steal Telegram session data.
• The script disguises itself as a Windows telemetry update to deceive users.
• Current exploitation levels are unclear, but the risk to Telegram users is significant.
Key Entities
- Malware (attack_type)
- T1059.001 - PowerShell (mitre_attack)
- Pastebin (platform)
- Telegram (platform)
- Windows (platform)
- PowerShell (tool)