Updated TgRat trojan sets sights on Linux servers

Hackread reports that Linux servers have been targeted in attacks using an updated version of the TgRat trojan, which evades detection by using Telegram for command and control.

Intrusions begin with a check of the targeted computer's name hash against an embedded string; when the values match, TgRat establishes a connection with a Telegram bot, from which it receives instructions for further malicious activity, according to a Dr. Web report. Aside from facilitating file downloads and screenshot capture, TgRat also allowed remote command execution through a single message, which increased stealth, said researchers, who noted that the trojan's use of Telegram enabled the concealment of malicious communications.

Organizations have been urged to track network traffic and watch for atypical communications between local network devices and Telegram servers to prevent possible compromise by the TgRat trojan.
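One way to act on the monitoring advice above is to flag servers that resolve Telegram hostnames in DNS query logs. The following is an added example, not code from Dr. Web, Hackread or SC Media. The log format, the server address range and the domain list are assumptions to adapt to your environment.

```python
import ipaddress
from collections import defaultdict

# Assumption: domains treated as Telegram endpoints; extend to match your own policy.
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")
# Assumption: address range of Linux servers with no business reason to use Telegram.
SERVER_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample DNS query log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2024-08-01T02:14:07Z 10.20.0.15 api.telegram.org.
2024-08-01T02:14:09Z 10.20.0.15 API.Telegram.org
2024-08-01T02:15:30Z 10.20.0.22 mirror.example.net
2024-08-01T02:16:02Z 10.30.4.8 web.telegram.org
2024-08-01T02:17:44Z 10.20.0.31 nottelegram.org
2024-08-01T02:18:10Z 10.20.0.40 t.me
malformed line
"""

def is_telegram(name):
    """Match on a DNS label boundary so 'nottelegram.org' is not a hit."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def find_server_telegram_lookups(log_text):
    """Return {server_ip: [(timestamp, name), ...]} for Telegram lookups by servers."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        ts, client, name = parts
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # skip records whose client field is not an IP address
        if addr in SERVER_NET and is_telegram(name):
            hits[client].append((ts, name))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_server_telegram_lookups(SAMPLE_LOG).items():
        print(f"{ip}: {len(events)} Telegram lookup(s), first at {events[0][0]}")
```

A hit is a lead for triage rather than proof of infection, since the check only shows that a server looked up a Telegram hostname.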
