For further technical details, researchers at Check Point Research and The Hacker News have published comprehensive analyses of this threat. ToxicEye RAT hits Telegram app to spy, steal user data
Look for the file path C:\Users\ToxicEye\rat.exe on your system.
Deploys keyloggers to record every keystroke. How the Attack Works Bot Creation: Attackers create a dedicated Telegram bot. ToxicEye.rar
The file is sent via phishing emails. If opened, it installs a hidden file at C:\Users\ToxicEye\rat.exe .
The bot token is embedded into the ToxicEye configuration and compiled into an executable (.exe). For further technical details, researchers at Check Point
Watch for unusual traffic to Telegram servers from devices that do not have the app installed.
Never open .exe or .doc attachments from unknown senders, especially those that ask you to "Enable Content". How the Attack Works Bot Creation: Attackers create
Terminate active processes and take over the Task Manager.
