An ongoing trend observed by cybersecurity analysts and malware researchers reveals Telegram messaging service is being abused by malware authors that target e-commerce websites.
The findings revealed by the web security company Astra highlights that malware actors plant scripts on compromised websites that transmit error logs and other sensitive data over encrypted Telegram channels.
“The error logs or sensitive information that are being sent to the hacker via Telegram is to check whether their malware is planted successfully on a website or not, and in another case, if the malware is planted successfully then they’re sending the sensitive information of the victims to a specific telegram number or channel,” said Kanishk Tagade of Astra in a blog post.
“Magento, Prestashop and WooCommerce stores remain the top target of this hacking campaign,” he continued.
The use of an encrypted service allows attackers to not only evade detection of malicious traffic, but also prevent from being blacklisted as they use Telegram’s infrastructure which would naturally be trusted by many security products.
Astra’s engineers stated, “The hacker sends a request with $_POST[‘name’] = evil.php and $_POST[‘content’] =
example.com/moreMaliciousCode.txt
“
“The backdoor script then creates a file called evil.php on the server with the file contents found in example.com/moreMaliciousCode.txt.
The hacker then visits compromised-site.com/evil.php
to execute the bad code.”
According to the engineers, the hacker group is called “B4JAT4X” based on the clues left in the malicious source code.
These findings follow a recent discovery by Malwarebytes where the company had found web skimmers stealing credit card information from infected websites and transmitting it over Telegram to the attackers.
With the rise in popularity of end-to-end encryption messaging platforms, attacks like these are only expected to grow and evolve with newer tactics.
“Security experts have long been recommending regular malware scanning as a key security measure for the safety of websites,” says Tagade.
“It is time you primed your websites with due security measures to keep it protected at all times,” he concluded.
Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…
Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…
The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…
The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…
One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…
Phishing kit used by multiple hacked sites generates a log in page on the fly…
This website uses cookies.