ToxicEye RAT hits Telegram app to spy, steal user data

ToxicEye is a new remote access Trojan (RAT) that has been used in more than 130 attacks over the past three months. Check Point Research has found that this multi-functional RAT is spread via phishing emails containing a malicious .exe file.


The attack begins when the victim opens the attachment, which allows ToxicEye to install itself on the user’s PC and perform a range of malicious tasks while the victim is oblivious. These include:


Stealing data
Killing processes on the PC
Deleting or transferring files
Encrypting files for ransom purposes
Hijacking the PC’s microphone and camera to record audio and video

Attackers control ToxicEye over Telegram: the malware communicates with the attacker’s C&C server and exfiltrates data to it.
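Because the C&C channel is Telegram, one place to look is for endpoint processes other than the Telegram client that connect to Telegram. The following detection sketch is an added example, not part of the original article or of Check Point's research; the log layout, the sample lines, the watched domains and the approved-client list are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: domains treated as Telegram endpoints (not listed in the article).
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")
# Assumption: executables approved to talk to Telegram on this fleet.
# A name match is weak on its own; pin the full path or signer in production.
APPROVED_IMAGES = {"telegram.exe"}

# Constructed sample records: time, host, process image path, destination host.
SAMPLE_LOG = r"""
2021-04-22T09:14:02Z,WS-014,C:\Users\amy\AppData\Roaming\Telegram Desktop\Telegram.exe,api.telegram.org
2021-04-22T09:15:40Z,WS-022,C:\Users\bob\Downloads\invoice.exe,api.telegram.org
2021-04-22T09:15:41Z,WS-022,C:\Users\bob\Downloads\invoice.exe,API.Telegram.org.
2021-04-22T09:16:10Z,WS-030,C:\Program Files\Mozilla Firefox\firefox.exe,nottelegram.org
2021-04-22T09:17:55Z,WS-031,C:\Windows\System32\svchost.exe,t.me
"""

def is_telegram_host(hostname):
    """Match the domain itself or a subdomain, never a look-alike suffix."""
    host = hostname.strip().rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def image_name(path):
    """Final component of a Windows path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_unexpected_telegram_clients(log_text):
    """Return {(host, image path): connection count} for unapproved processes."""
    hits = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, host, image, dest = row
        if is_telegram_host(dest) and image_name(image) not in APPROVED_IMAGES:
            hits[(host, image)] += 1
    return dict(hits)

if __name__ == "__main__":
    found = find_unexpected_telegram_clients(SAMPLE_LOG)
    for (host, image), count in sorted(found.items()):
        print(f"{host}: {image} -> Telegram ({count} connections)")
```

Browsers used for Telegram's web client will also match, so triage hits by process path and by whether Telegram is expected on that host at all.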


According to the researchers, the Telegram RAT’s functionality has been observed and a number of key capabilities have been characterized, which helps explain the intent behind its creation. The recent attacks have shown that it includes data-stealing features; more specifically, the RAT can locate and steal:


Passwords
Browser cookies
Browsing history
Computer information

ToxicEye also has file system control, which allows it to delete and transfer files, kill processes, and take over the PC’s task manager.


More importantly, I/O hijacking was observed, which means that the RAT can deploy a keylogger, record audio and video of the victim’s surroundings via the PC’s microphone and camera, or hijack the contents of the clipboard.


Lastly, it appears to also have ransomware features that give it ..