Iranian government hackers are using Telegram as a way to steal data from hacked dissidents, opposition groups, and journalists who oppose the regime around the world, according to an FBI alert published on Friday.
In the first stage of the attack, the hackers contact their targets and pretend to be a known contact or tech support, and are tricked into accepting a link to a malicious file masquerading as legitimate apps, such as Telegram and WhatsApp. Once the target installs the malware, the second stage of the attack connects the infected victim with Telegram bots that allow the hackers to remotely command and control the victim’s computer. This allows the hackers to gain remote control of the victims’ devices to steal files, take screenshots, and record Zoom calls, according to the FBI.
