Cyber Web Spider Blog – News
Telegram-Based ResokerRAT Threatens Windows Security

Posted on March 31, 2026 By CWS

A newly discovered remote access trojan, ResokerRAT, leverages Telegram’s bot API for covertly controlling infected Windows computers. This malware differentiates itself by circumventing traditional command-and-control servers, opting instead for a trusted messaging platform to transmit commands and retrieve stolen information. This tactic complicates detection efforts for conventional network security solutions.

Unconventional Communication Methods

Unlike typical malware, ResokerRAT abuses Telegram to establish its communication channel. By using the Telegram Bot API, the malware receives instructions and sends data back to its operators over a legitimate, widely allowed service, making it harder for security systems to recognize and block its activity. The trojan is delivered as an executable file named Resoker.exe, which, upon execution, starts background operations such as establishing persistence and requesting elevated privileges.

Once active, ResokerRAT can perform a range of harmful tasks, including capturing screenshots, downloading further payloads, and disabling security notifications. Analysts from K7 Security Labs have identified its initial action as creating a mutex, ‘GlobalResokerSystemMutex,’ to ensure only one instance operates simultaneously. Additionally, the malware checks for debugger presence, interrupting analysis if detected.

Technical Tactics and Persistence

To escalate privileges, ResokerRAT attempts to relaunch itself with administrative rights using the ‘runas’ option. If successful, it closes the original instance and resumes operation under elevated privileges; if the attempt fails, it reports the error back via the Telegram bot. The malware also terminates the processes of common analysis tools, obstructing forensic efforts.

ResokerRAT’s persistence is achieved by embedding itself into the Windows registry under the ‘Run’ key, ensuring execution at startup. This method allows it to remain operational even after system reboots, with the malware confirming its startup configuration to the attacker through Telegram.

Security Recommendations and Precautions

Security experts advise monitoring for unauthorized registry entries and suspicious HTTPS traffic to ‘api.telegram.org’ as preventive measures against ResokerRAT. Ensuring systems are current with patches, avoiding untrusted executable files, and being vigilant for sudden Task Manager access issues are critical in mitigating infection risks.
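The two indicators above (an autostart entry written to the Run key, and traffic to api.telegram.org from a process that is not the Telegram client) can be checked with the added example below; it is not code from the article or from K7 Security Labs, and the Sysmon-style records, the reg query output, the process allowlist and the directory list are constructed assumptions to adapt to your own environment.

```python
import re

# Constructed Sysmon-style network-connection records (one per line); the paths and
# hostnames are hypothetical illustrations, not indicators taken from the article.
NETWORK_EVENTS = """\
Image=C:\\Users\\alice\\AppData\\Local\\Temp\\Resoker.exe DestinationHostname=api.telegram.org DestinationPort=443
Image=C:\\Users\\alice\\AppData\\Roaming\\Telegram Desktop\\Telegram.exe DestinationHostname=api.telegram.org DestinationPort=443
Image=C:\\Windows\\System32\\svchost.exe DestinationHostname=update.microsoft.com DestinationPort=443
"""

# Constructed output in the shape of `reg query HKCU\...\Run`; the value names are hypothetical.
RUN_KEY_DUMP = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    OneDrive    REG_SZ    "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background
    SystemHelper    REG_SZ    C:\\Users\\alice\\AppData\\Local\\Temp\\Resoker.exe
"""

# Assumption: only the official desktop client is expected to talk to api.telegram.org.
TELEGRAM_ALLOWLIST = ("telegram.exe",)
# Assumption: a legitimate autostart entry rarely points into these throwaway directories.
SUSPICIOUS_DIRS = ("\\temp\\", "\\downloads\\", "\\public\\")


def telegram_api_from_unexpected_process(events: str) -> list[str]:
    """Return image paths that connected to api.telegram.org without being allowlisted."""
    hits = []
    for line in events.splitlines():
        m = re.search(r"Image=(.+?) DestinationHostname=(\S+)", line)
        if not m or m.group(2).lower() != "api.telegram.org":
            continue
        image = m.group(1)
        if image.lower().rsplit("\\", 1)[-1] not in TELEGRAM_ALLOWLIST:
            hits.append(image)
    return hits


def suspicious_run_entries(dump: str) -> list[tuple[str, str]]:
    """Return (value name, command) for Run entries whose executable sits in a suspicious directory."""
    hits = []
    for line in dump.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.+)$", line)
        if not m:
            continue
        name, command = m.group(1), m.group(2).strip()
        if any(d in command.lower() for d in SUSPICIOUS_DIRS):
            hits.append((name, command))
    return hits


if __name__ == "__main__":
    print(telegram_api_from_unexpected_process(NETWORK_EVENTS))
    print(suspicious_run_entries(RUN_KEY_DUMP))
```

Both checks are deliberately narrow: a Run entry in a non-suspicious path or a renamed client binary would pass, so treat them as a starting triage, not a complete signature.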

In summary, ResokerRAT exemplifies a sophisticated cyber threat employing unconventional communication channels to evade detection. Continuous vigilance and proactive security practices are essential to safeguard systems against such evolving threats.
