Hacks

An Iranian based Cloud Infrastructure provider Arvan experienced a DDoS attack that peaks up to 5,000 Requests Per Second via Telegram MTProxy. The attack started on November 6 and lasts for 3 days. The MTProxy was used by Telegram to bypass the Iranian filtering system as the Telegram banned in Iran. Several users started using MTProxy which makes difficult for the government authorities to restrict the traffic. Attack With Telegram MTProxy Arvan spotted huge traffic received using free MTProxy hit on their Edge server and the packets are not specific to any domain name and they are directly sent to the IP address. The traffic received is completely random and has no similarities and it’s completely a new attack type and the traffic doesn’t follow any protocol patterns such as HTTP, HTTPS, FTP, and so on. All the attack packets come within the Iranian IP and this huge amount of packets can disturb any server infrastructure the company says. Arvan tried multiple ways t...

Researchers discovered a new trojan Masad Stealer to deliver the powerful spyware on the targeted systems and exfiltrate the stolen data via Telegram. Masad Stealer using Telegram as a command and control channel to maintain the anonymity and hide the malware communication traffic. Recent pas, several hacking groups are abusing the Telegram and used it as a part of their attack in different categories of a malicious campaign. Malware developers who behind the Masad Stealer advertised in the underground hacking forums as it is capable of steals browser data, which might contain usernames, passwords, and credit card information. Also, it automatically replaces the own cryptocurrency wallets from the clipboard with the help of the Telegram bot that controlled by the attacker behind the scene. Researchers believe that Masad Stealer is currently an ongoing campaign and actively attacking the thousands of victims around the world. also, the command and control bot stil...