Triton RAT Uses Telegram for Remote System Access and Control
Cado Security Labs has uncovered a new Python-based Remote Access Tool (RAT) named Triton RAT, which leverages Telegram for remote system access and data exfiltration.
This open-source malware, available on GitHub, is designed to execute a wide range of malicious activities, including credential theft, system control, and persistence establishment.
Technical Overview
Triton RAT initiates its operation by retrieving a Telegram Bot token and chat ID encoded in Base64 from Pastebin.
These credentials enable the malware to communicate with a Telegram bot, which serves as the command-and-control (C2) server.
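A defender can hunt for this staging pattern in proxy or DNS telemetry: one process fetching from a paste site and then contacting the Telegram Bot API shortly afterwards. The sketch below is an added example, not code from the original article or from Cado Security Labs; the event layout, host names, the five-minute window and the function name are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (host, process, ISO timestamp, destination domain).
# The field layout is an assumption, not a real product's log format.
SAMPLE_EVENTS = [
    ("ws-014", "python.exe", "2025-04-01T09:14:02", "pastebin.com"),
    ("ws-014", "python.exe", "2025-04-01T09:14:05", "api.telegram.org"),
    # Different processes on the same host: ordinary browsing plus a chat client.
    ("ws-022", "chrome.exe", "2025-04-01T09:20:11", "pastebin.com"),
    ("ws-022", "Telegram.exe", "2025-04-01T09:21:40", "api.telegram.org"),
    # Same process, but the two lookups are 90 minutes apart.
    ("ws-031", "pythonw.exe", "2025-04-01T10:00:00", "pastebin.com"),
    ("ws-031", "pythonw.exe", "2025-04-01T11:30:00", "api.telegram.org"),
]

STAGING_DOMAINS = {"pastebin.com"}   # where the encoded token and chat ID are fetched
C2_DOMAINS = {"api.telegram.org"}    # Telegram Bot API endpoint
WINDOW = timedelta(minutes=5)        # assumed correlation window


def find_staged_telegram_c2(events, window=WINDOW):
    """Return (host, process, staging_time, c2_time) tuples where one process
    contacts a paste site and then the Telegram Bot API within `window`."""
    last_staging = {}  # (host, process) -> time of most recent paste-site request
    hits = []
    # Timestamps share one ISO-8601 format, so sorting the strings orders them in time.
    for host, proc, ts, domain in sorted(events, key=lambda e: e[2]):
        when = datetime.fromisoformat(ts)
        key = (host, proc.lower())
        domain = domain.lower().rstrip(".")
        if domain in STAGING_DOMAINS:
            last_staging[key] = when
        elif domain in C2_DOMAINS:
            # pop() so repeated beacons after one fetch raise a single alert
            staged = last_staging.pop(key, None)
            if staged is not None and when - staged <= window:
                hits.append((host, proc, staged.isoformat(), when.isoformat()))
    return hits


if __name__ == "__main__":
    for hit in find_staged_telegram_c2(SAMPLE_EVENTS):
        print("possible paste-staged Telegram C2:", hit)
```

Keying on host and process keeps ordinary browser visits to a paste site from pairing with a legitimate chat client on the same machine.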
The RAT is equipped with an extensive feature set, including keylogging, webcam access, clipboard data theft, and the ability to steal saved passwords and Roblox security cookies.
Notably, Roblox cookies (.ROBLOSECURITY) are targeted across multiple browsers, including Chrome, Edge, Firefox, and Brave.
These cookies can bypass two-factor authentication (2FA) to gain unauthorized access to ...
Copyright of this story solely belongs to gbhackers.