ResokerRAT: New Telegram-Based Remote Access Trojan Targets Windows Systems

Severity: Medium (Score: 48.9)

Sources: Cybersecuritynews, Gbhackers

Summary

A new Windows malware named ResokerRAT has emerged, utilizing the Telegram Bot API for communication. This Remote Access Trojan (RAT) allows attackers to remotely control infected systems without relying on traditional command-and-control servers. Instead, it blends in with legitimate encrypted traffic, making detection challenging. The malware is designed to stealthily monitor and exfiltrate data from compromised Windows machines. Currently, there are no specific numbers of affected systems or known CVEs associated with ResokerRAT. The attack method leverages the trusted nature of Telegram, raising concerns about the misuse of widely used communication platforms. As of now, there are no reports of widespread exploitation, but the potential for targeted attacks remains significant. Security professionals are advised to remain vigilant against this emerging threat.

Key Points:

  • ResokerRAT uses Telegram's Bot API for stealthy remote access to Windows systems.
  • The malware operates without a traditional command-and-control server, complicating detection.
  • Current reports indicate no widespread exploitation, but targeted attacks are possible.

Key Entities

  • Malware (attack_type)
  • Trojan (attack_type)
  • ResokerRAT (malware)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • Telegram (platform)
  • Windows (platform)
  • Telegram Bot API (tool)