The ransomware TeleCrypt is a recent example of malware campaigns that leverage chat platforms such as Telegram as C&C infrastructure.
The ransomware TeleCrypt is a recent example of malware campaigns that leverage chat platforms such as Telegram as C&C infrastructure.

Hackers are abusing Slack, Discord, Telegram and other third-party chat platforms by incorporating them into their malicious command-and-control infrastructure and then using their functionality to communicate data and even download malware, according to a new Trend Micro report.

Authored by senior threat researchers Stephen Hilt and Lord Alfred Remorin, the report notes that the platforms' ability to also integrate customized apps and scripts through their APIs make them appealing weapons to adversaries. For instance, the malicious actors behind the ransomware TeleCrypt used Telegram as a C&C tool for communicating when a system is newly infected, as well for conveying information regarding payment and decryption, the report continues. (TeleCrypt's encryption was subsequently cracked.)

"What makes this particular revelation about chat platforms a serious security issue that must be considered is that there is currently no way to secure the usage of such chat platforms without killing their functionality," the report explains. "There is also no way to distinguish between a malicious connection to these platforms and a legitimate one."