Fake Telegram site delivering RAT aimed at Chinese Users

Application abuses Windows Defender Executable to perform DLL Sideloading

During a routine threat hunting exercise, Cyble Research and Intelligence Labs (CRIL) identified a fake Telegram website that masquerades as the legitimate site and delivers a malicious installer. This installer abuses a Windows Defender executable to sideload a malicious DLL and carry out RAT operations. The figure below shows the fake Telegram website.

Figure 1 – Website Hosting Fake Telegram Download Page

The fake website redirects users to Tele…