T-RAT 2.0 Telegram-controlled RAT, a new security threat

Vlad Constantinescu
by Vlad Constantinescu
VPN Expert & Privacy Advocate
0 Comments
Download PDF
Affiliate Disclosure

  • T-RAT 2.0 is a new version of the T-RAT Remote Access Trojan and it can be controlled through a Telegram channel.
  • Reportedly, T-RAT 2.0 can perform various malicious operations, such as retrieving passwords, recording through your webcam, and logging keystrokes.
  • Visit our Update & Security section for more helpful guides on keeping your PC safe.
  • Check out our Antivirus Software Hub if you need more tools & tips on protecting your PC.
T-RAT 2.0 Telegram-Controlled Trojan

T-RAT 2.0, a new Remote Access Trojan (RAT), is being advertised on Russian hacking forums, as security experts recently discovered.

Reportedly, the RAT can be purchased for merely $45, but that’s not what makes it shine.

As opposed to other similar services, T-RAT 2.0 enables malevolent agents to control compromised systems through Telegram channels, instead of web administration panels.

What is T-RAT 2.0?

Remote Access Trojan

T-RAT 2.0 is simply one of the latest Remote Access Trojans on the market. How this type of malware works is granting the attacker remote access to your machine.

What hackers can do from that point strictly depends on their skills and the capabilities of the RAT as well.

Some RATs are designed just to mess with the targets (e.g. open their CD tray, turn off their monitor, disable their input devices), but other ones (T-RAT included) are downright evil.

Apparently, here’s what T-RAT 2.0 can do to your system, once it infects it:

  • Retrieve cookies and passwords from your browser
  • Grant the attacker full access to your file system
  • Perform audio recordings (requires an audio input device such as a microphone)
  • Log your keystrokes
  • Disable your Taskbar
  • Use your webcam to perform video recordings or take pictures
  • Fetch clipboard content
  • Snap screenshots of your current view
  • Disable your Task Manager
  • Hijack transactions for several services, including Ripple, Dogecoin, Qiwi, and Yandex.Money
  • Execute CMD & PowerShell commands
  • Restrict your access to various websites and services
  • Forcefully terminate processes on your computer
  • Use RDP and/or VNC to perform additional remote control operations

More so, it’s compatible with most Chromium-based browsers (v80 and up), and its Stealer component supports the following apps:

Previous RATs also used Telegram as C&C

Although the thought of controlling a RAT through Telegram seems novel, it’s quite far from that.

In the past few years, many similar malware relied on Telegram as their command & control center. Some of them include:

  • Telegram-RAT
  • HeroRAT
  • TeleRAT
  • RATAttack

Having a Telegram C&C for a RAT is appealing for most hackers, as it can grant them access to infected systems, regardless of location.

The fact that they no longer need desktop or laptops for attacks provides them with a new level of freedom and mobility.


How do you protect your Windows PC against threats such as T-RAT 2.0? Share your opinion with us in the comments section below.