HeroRat is the newest Trojan threat that appears to use the Telegram protocols to set up a secure connection to the hacker-controlled servers. The discovery was made due to the public release of its source code on the underground hacking networks. It is considered a very dangerous threat, and its code can be used to create further offspring versions.
Telegram Protocols Used In HeroRat Trojan Delivery Method
The security community reported the discovery of the HeroRat Trojan. The code analysis reveals that it uses the Telegram protocols to establish a secure connection with the hacker servers. Its code was recently made public in the underground hacker markets, which has allowed experts to analyse it in detail.
The reports indicate that the virus may have been used in attacks since August 2017. The code analysis shows that it has been written from scratch in C# using the popular Xamarin framework. In comparison, previous threats of this type were written in Java. At the moment its code is still available for purchase, either in its “vanilla” form or in versions customized according to the needs of the clients.
The current attack campaign targets devices in Iran — the hackers are sending messages containing social engineering tricks that promise users free Bitcoins, followers on social media and Internet connectivity. At the moment Android users are targeted. Once the APK installation files are started, they ask for the following permissions to be granted:
- Erase all data — Erase the phone’s data without warning by performing a factory data reset.
- Change the screen-unlock password — Change the screen-unlock password.
- Set password rules — Control the length and the characters allowed in screen-unlock passwords.
- Monitor screen-unlock attempts — Monitor the number of incorrect passwords typed when unlocking the screen, and lock the (Read more...)
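
The four prompts listed above are the labels Android shows for device-administrator policies. The following is an added example, not part of the original post: a triage script that reads an app's device-admin policy XML (assumed to be already decoded from the APK, for instance with apktool) and reports which of these policies it requests. The sample XML is constructed, and the verdict rule is an assumption made for illustration.

```python
import xml.etree.ElementTree as ET

# Device-admin policy tags mapped to the labels quoted in the list above.
POLICY_LABELS = {
    "wipe-data": "Erase all data",
    "reset-password": "Change the screen-unlock password",
    "limit-password": "Set password rules",
    "watch-login": "Monitor screen-unlock attempts",
}

# Constructed sample: a policy file requesting all four policies from the list.
SAMPLE_POLICY_XML = """
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <wipe-data />
    <reset-password />
    <limit-password />
    <watch-login />
  </uses-policies>
</device-admin>
""".strip()


def requested_policies(xml_text):
    """Return the policy tags declared under <uses-policies>, in file order."""
    root = ET.fromstring(xml_text)
    if root.tag != "device-admin":
        raise ValueError("not a device-admin policy file")
    block = root.find("uses-policies")
    return [] if block is None else [child.tag for child in block]


def audit(xml_text):
    """Map requested policies to their prompt labels and assign a triage verdict.

    Assumed rule (illustrative): an app that can both wipe the device and
    change the unlock password is blocked; any other listed policy is queued
    for manual review; everything else passes.
    """
    policies = requested_policies(xml_text)
    labels = [POLICY_LABELS[p] for p in policies if p in POLICY_LABELS]
    unmapped = [p for p in policies if p not in POLICY_LABELS]
    if {"wipe-data", "reset-password"} <= set(policies):
        verdict = "block"
    elif labels:
        verdict = "review"
    else:
        verdict = "ok"
    return {"labels": labels, "unmapped": unmapped, "verdict": verdict}


if __name__ == "__main__":
    report = audit(SAMPLE_POLICY_XML)
    print(report["verdict"], report["labels"])
```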
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/herorat-trojan-uses-protocol-telegram-communicate/