Malware | 02/05/2019

GoodSender Malware – A Flaw in Telegram Bot API


Remove GoodSender Malware - Malware That Uses Telegram

Recently, many cybersecurity firms reported a vulnerability in the Telegram Bot API that let attackers gain access to Telegram C2 messages.

Telegram is known for its high-end security and encryption, but it seems that the popular messaging app was compromised by the Windows threat GoodSender.

About 120 users globally were affected by the Telegram Bot API encryption vulnerability. The Bot API doesn't use the same type of message encryption that Telegram uses for the general platform.

GoodSender, by contrast, is malware that uses a vulnerability in Telegram's encrypted messaging service to access users' chat_ids, messages, passwords, and IP addresses.

A weakness in message encryption caused problems for Telegram chatbots, which are used for automated communications and updates between Telegram and users.

GoodSender, however, used Telegram as its command-and-control infrastructure to peer into messages and the entire message history.

The Telegram Bot API isn't secured using a dedicated encryption protocol. Instead, it uses the Transport Layer Security (TLS) protocol in HTTPS, where the data shared between bots and users is non-confidential in the first place.


According to experts, TLS alone can't ensure robust encryption by today's secure communication standards. Telegram, however, uses the MTProto encryption protocol for regular messages and chatbots.

Thus, an attacker or group of attackers successfully performed man-in-the-middle (MiTM) attacks, targeted the stored data via the GoodSender malware, and accessed the messages. Researchers found this active malware exploiting Telegram encryption and C2 channels.

Evidently, it is important to delete this data-stealing threat before it starts infecting Telegram’s 200 million active users.


How to Delete GoodSender Malware?

GoodSender is a .NET malware that, once dropped on the computer, creates a new administrator user and makes sure the firewall doesn't block it. The username for the new admin is static, but the password is generated randomly.

GoodSender works when a remote desktop connection to the infected machine is enabled. The Telegram bot then allows the malware to communicate with Telegram profiles and discover message history.
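The host behavior described above (a new account promoted to local administrator, a firewall change, Remote Desktop enabled) leaves traces in Windows event logs that a defender can correlate. The following is an added example, not code from the original article or from any vendor. The account name, SIDs, hostnames, rule name and the 10-minute window are constructed assumptions, since the malware's actual static username is not given here.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"      # built-in local Administrators group
WINDOW = timedelta(minutes=10)   # assumed correlation window
RDP_KEY = r"\Control\Terminal Server\fDenyTSConnections"

# Constructed sample records (not real telemetry, not GoodSender IoCs).
# 4720/4732/4946 are Security-log event IDs; 13 is Sysmon "registry value set".
SAMPLE = [
    {"t": "2019-02-05T10:00:01", "host": "WS-01", "id": 4720,
     "TargetUserName": "placeholder_admin", "TargetSid": "S-1-5-21-1-2-3-1005"},
    {"t": "2019-02-05T10:00:02", "host": "WS-01", "id": 4732,
     "MemberSid": "S-1-5-21-1-2-3-1005", "TargetSid": ADMINS_SID},
    {"t": "2019-02-05T10:00:04", "host": "WS-01", "id": 4946,
     "RuleName": "placeholder_rule"},
    {"t": "2019-02-05T10:00:05", "host": "WS-01", "id": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet" + RDP_KEY,
     "Details": "DWORD (0x00000000)"},
    # Benign: a standard user is created and added to Users, not Administrators.
    {"t": "2019-02-05T11:30:00", "host": "WS-02", "id": 4720,
     "TargetUserName": "new.hire", "TargetSid": "S-1-5-21-9-9-9-1010"},
    {"t": "2019-02-05T11:30:05", "host": "WS-02", "id": 4732,
     "MemberSid": "S-1-5-21-9-9-9-1010", "TargetSid": "S-1-5-32-545"},
]

def _ts(event):
    return datetime.fromisoformat(event["t"])

def detect(events):
    """One alert per account that is created and then promoted to local admin."""
    alerts = []
    for created in (e for e in events if e["id"] == 4720):
        # Events on the same host within WINDOW after the account creation.
        after = [e for e in events if e["host"] == created["host"]
                 and timedelta(0) <= _ts(e) - _ts(created) <= WINDOW]
        promoted = any(e["id"] == 4732 and e["MemberSid"] == created["TargetSid"]
                       and e["TargetSid"] == ADMINS_SID for e in after)
        if not promoted:
            continue
        extras = []
        if any(e["id"] == 4946 for e in after):   # firewall rule added
            extras.append("firewall_rule_added")
        if any(e["id"] == 13 and e["TargetObject"].endswith(RDP_KEY)
               and e["Details"].endswith("(0x00000000)") for e in after):
            extras.append("rdp_enabled")
        alerts.append({"host": created["host"], "user": created["TargetUserName"],
                       "severity": "high" if extras else "medium", "extras": extras})
    return alerts
```

Events 4720 and 4732 require account-management auditing, 4946 requires auditing of MPSSVC rule-level policy changes, and event 13 requires Sysmon with a registry rule covering the Terminal Server key.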

That admin now scans the messages of several other users and uses the flaw in security measures to target more users. To avoid this, users must avoid joining groups or channels on Telegram that have bots presenting any security risk until the app resolves this issue.

Somehow this malware has entered your computer and successfully exploited its security vulnerabilities. There is a high chance that it could have installed other malicious files and programs on the computer without letting you know.

Malware attackers are very advanced and have learned to gain illegal access to computers. Malware variants are now more adaptable, resilient and damaging. In the era of cyber warfare, it is difficult to stop cyber attacks using common antivirus software.

NOTE: If your computer doesn’t have such security software, then download ITL Total Security and Malware Crusher to prevent malware attacks on your system. Both are reputable, vigilant and robust in creating a shield 24X7 against any computer threat.

These tools are highly recommended if you are willing to give advanced security to your PC. Their 5-minute function could be a savior for your computer!


Tips to Prevent Viruses and Malware from Infecting Your System:
  1. Enable your popup blocker: Pop-ups and ads on websites are the tactic most often adopted by cybercriminals or developers whose core intention is to spread malicious programs.
    So, avoid clicking on uncertain sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
  2. Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
  3. Third-party installation: Try to avoid freeware download websites, as they usually install bundles of software with any installer or stub file.
  4. Regular backup: Regular, periodic backups help you keep your data safe in case the system is infected by any kind of virus or other infection. Always back up important files regularly to a cloud drive or an external hard drive.
  5. Always have an antivirus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.

