Malware News: FBI says Iranian hackers are using Telegram to steal data in malware attacks

Brownie2019

Mar 9, 2019
Iranian government hackers are using Telegram as a way to steal data from hacked dissidents, opposition groups, and journalists who oppose the regime around the world, according to an FBI alert published on Friday.

In the first stage of the attack, the hackers contact their targets and pretend to be a known contact or tech support, and the targets are tricked into accepting a link to a malicious file masquerading as legitimate apps, such as Telegram and WhatsApp. Once the target installs the malware, the second stage of the attack connects the infected victim with Telegram bots that allow the hackers to remotely command and control the victim’s computer. This allows the hackers to gain remote control of the victims’ devices to steal files, take screenshots, and record Zoom calls, according to the FBI.

Using Telegram as a way to remotely control a victim’s device is a common technique by hackers to hide malicious activity among legitimate network traffic, which makes it harder for cybersecurity defenders and anti-malware products to identify.

According to the FBI, the hackers responsible for these attacks are allegedly working for Iran’s Ministry of Intelligence and Security (MOIS). The FBI said these attacks are an example of Iranian government hackers’ attempts to push the regime’s “geopolitical agenda.”

In the alert, the FBI mentioned the pro-Iranian and pro-Palestine fake hacktivist group Handala, although it’s not clear if the attacks referenced in the alert were carried out by this group.

Earlier this month, Handala claimed responsibility for an attack on medical tech giant Stryker, which resulted in the wiping of tens of thousands of employee devices.

In an 8-K filing with the U.S. Securities and Exchange Commission on Monday, Stryker said it is still recovering from the hack.

Last week, the U.S. Justice Department accused Handala of being a front for Iran’s government, specifically the MOIS, and for being behind the Stryker hack. At the same time, the FBI took down and seized two websites linked to Handala, and two other sites linked to another Iranian hacktivist group called “Homeland Justice.” In the recent FBI alert, the bureau said the two groups are linked and controlled by the MOIS.

The FBI did not respond to a request to provide more information. Telegram also did not respond to a request for comment.
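The article notes that Telegram-based command and control blends into legitimate traffic. As an added defender-side example (not from the article, the FBI alert, or any named group), the following Python separates the two in proxy logs: it assumes that official Telegram clients speak MTProto to Telegram's data centres rather than the HTTP Bot API, so any workstation process calling api.telegram.org/bot<token>/... is bot automation worth triaging. The log format, host names, process paths and bot token are constructed.

```python
import re
from collections import defaultdict

# Telegram's HTTP Bot API is served under api.telegram.org/bot<token>/<method>.
# Assumption (see lead-in): official chat clients use MTProto, not this API,
# so Bot API calls from an end-user workstation are automation, not chatting.
BOT_API_RE = re.compile(r"api\.telegram\.org/bot(\d+):[A-Za-z0-9_-]+/(\w+)")

# Methods a bot-driven implant relies on: getUpdates to poll for operator
# tasking, send* to push stolen files, screenshots or recordings back.
TASKING = {"getUpdates"}
UPLOAD = {"sendDocument", "sendPhoto", "sendVideo", "sendMessage"}

# Constructed sample proxy log lines (not real traffic): key=value fields.
SAMPLE_LOG = r"""
host=ws-042 process=C:\Users\a\AppData\Local\Temp\TelegramUpdate.exe url=https://api.telegram.org/bot123456789:AAEXAMPLEtokenEXAMPLE/getUpdates?timeout=30
host=ws-042 process=C:\Users\a\AppData\Local\Temp\TelegramUpdate.exe url=https://api.telegram.org/bot123456789:AAEXAMPLEtokenEXAMPLE/getUpdates?timeout=30
host=ws-042 process=C:\Users\a\AppData\Local\Temp\TelegramUpdate.exe url=https://api.telegram.org/bot123456789:AAEXAMPLEtokenEXAMPLE/sendDocument
host=ws-017 process=C:\Program Files\Chrome\chrome.exe url=https://web.telegram.org/a/
host=ws-017 process=C:\Program Files\Chrome\chrome.exe url=https://t.me/some_channel
"""

# The process field may contain spaces, so match lazily up to " url=".
LINE_RE = re.compile(r"host=(\S+) process=(.+?) url=(\S+)")

def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return None if not m else {"host": m[1], "process": m[2], "url": m[3]}

def detect_bot_c2(log_text):
    """Summarise Bot API use per (host, process). The bot token is a secret
    and is deliberately not kept; only the numeric bot id is recorded."""
    seen = defaultdict(lambda: {"bot_id": None, "polls": 0, "uploads": 0})
    for line in log_text.splitlines():
        ev = parse_line(line)
        m = BOT_API_RE.search(ev["url"]) if ev else None
        if not m:
            continue
        rec = seen[(ev["host"], ev["process"])]
        rec["bot_id"] = m[1]
        if m[2] in TASKING:
            rec["polls"] += 1
        elif m[2] in UPLOAD:
            rec["uploads"] += 1
    # Polling plus uploads from the same process is the full C2 loop: high.
    return [{"host": h, "process": p, **rec,
             "severity": "high" if rec["polls"] and rec["uploads"] else "medium"}
            for (h, p), rec in seen.items()]
```

Feeding real proxy or DNS logs in the same host/process/url shape would let the polling count serve as a beacon-interval indicator.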
 
Thanks for sharing this news; it’s a good reminder that no matter who is behind the attack, the method tends to repeat itself. For any user, here are four simple tips to avoid falling into these traps:

  • The Golden Rule of Apps: Never install a “Telegram” or “WhatsApp update” sent through a chat link. Apps only update from the official Store (Google Play or App Store). If someone sends you an .apk file or installer, it’s a trap.
  • Don’t trust blindly: If a contact (even a friend or family member) suddenly sends you a strange file or link, call them by phone. It’s common for attackers to hack someone close to you to exploit trust.
  • Suspicious permissions: If you install something and it asks for access to Notifications or Accessibility Services, be very cautious. Malware uses this to read your messages and capture what you type.
  • The extra lock: Enable “Two‑step verification” in Settings > Privacy. This adds a password only you know. Even if your number is cloned, they won’t be able to access your account without it.

In short: if someone asks you to install something “to keep talking” or “for security,” be skeptical. Real security never comes through a chat message. ⚠️📞🚫