No‑Code AI‑Powered Telegram Attack Lets Anyone Control a Remote Bot
A new threat discovered by Palo Alto Networks' Unit42 shows how attackers can use Telegram as a command‑and‑control channel and an LLM to translate natural‑language requests into shell commands, enabling even non‑technical users to remotely control compromised machines while evading traditional detection.
Attack Overview
The trojan replaces custom C2 code with a Telegram bot. The attacker types natural‑language commands into the bot; the bot forwards the text to Groq’s llama‑3.1‑8b‑instant model, which returns a shell command (e.g., hostname or nmap). The command is executed on the victim host and the output is sent back through Telegram, making the entire interaction appear as ordinary Telegram traffic.
Stealth Characteristics
Normal‑looking traffic
All communication uses the public Telegram API (api.telegram.org) over TLS, indistinguishable from legitimate user traffic. No separate C2 domain or IP exists to block.
Antivirus evasion
As of 2026‑06‑08 the file’s SHA‑256 hash had 0/63 detections on VirusTotal. Because each command is generated on‑the‑fly by the LLM, there is no static signature for traditional AV to match.
File exfiltration mimics normal file sharing
Stolen files are uploaded via Telegram’s file upload feature (sendDocument), which is indistinguishable from a user sending a document to a contact.
Four‑Stage Attack Flow
Stage 1 – Initial information gathering
On first execution the trojan collects:
Public IP address (via ipify.org)
Operating system name and version
Current logged‑in username
Hostname
The data is sent to the attacker through Telegram before any further commands are issued.
Stage 2 – Telegram bot as the sole C2 channel
The trojan polls the bot every 5 seconds with a 30‑second timeout. Only messages from a pre‑configured “operator Chat ID” are processed, providing a minimal identity check.
Stage 3 – AI translation layer
Each attacker message is forwarded to Groq’s Llama‑3.1‑8B model. The model returns an action token that is either a raw shell command or a built‑in action such as DOWNLOAD_FILE, SCAN_NETWORK or SCAN_PORTS. Unit42 notes that the current limitation to five command formats can be lifted by a simple prompt change, allowing arbitrary code generation.
Stage 4 – Execution and data exfiltration
Windows payloads run via PowerShell; Linux/macOS payloads run via Bash.
Standard output and error are sent back through Telegram messages.
Files are exfiltrated with the sendDocument API (max 50 MB per file).
Network scans cover all RFC 1918 private ranges plus Docker, APIPA, VPN and iPhone‑hotspot subnets.
Indicators of Compromise (IOCs)
File SHA‑256: d85a5c2cf466d01e17110ee39ca456b1be0b6514e669d0095d1f77c84a8d98c1
LLM API endpoint: hxxps://api.groq[.]com/openai/v1/chat/completions
Telegram polling endpoint: hxxps://api.telegram[.]org/bot<token>/getUpdates
Telegram sendMessage endpoint: hxxps://api.telegram[.]org/bot<token>/sendMessage
Telegram sendDocument endpoint: hxxps://api.telegram[.]org/bot<token>/sendDocument
Public IP query: hxxps://api.ipify[.]org
LLM model: llama‑3.1‑8b‑instant
These URLs are legitimate services; they become malicious only when combined with the described trojan behavior. Blocking them indiscriminately is not recommended.
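One way to act on these IOCs without blocking legitimate services is to correlate them per host. The Python below is an added example (not code from Unit42 or the article): it scans constructed proxy-log lines for the roughly 5‑second getUpdates polling cadence described in Stage 2 together with the ipify, Groq and sendDocument endpoints listed above, and only flags a host when polling is corroborated by another marker. The log format, host addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict
from statistics import median
# Constructed proxy-log sample (not from the report), "<epoch> <src_ip> <url>" per line;
# 10.0.0.5 mirrors the described flow, 10.0.0.9 is an ordinary bot client polling irregularly.
SAMPLE_LOG = """\
1700000000 10.0.0.5 https://api.ipify.org/
1700000002 10.0.0.5 https://api.telegram.org/bot<token>/getUpdates
1700000007 10.0.0.5 https://api.telegram.org/bot<token>/getUpdates
1700000012 10.0.0.5 https://api.telegram.org/bot<token>/getUpdates
1700000013 10.0.0.5 https://api.groq.com/openai/v1/chat/completions
1700000014 10.0.0.5 https://api.telegram.org/bot<token>/sendDocument
1700000003 10.0.0.9 https://api.telegram.org/bot<token>/getUpdates
1700000400 10.0.0.9 https://api.telegram.org/bot<token>/getUpdates
1700000950 10.0.0.9 https://api.telegram.org/bot<token>/getUpdates
"""

# Indicators named in the report, keyed by a URL substring that identifies each one.
MARKERS = {
    "api.ipify.org": "public_ip_lookup",
    "api.groq.com/openai/v1/chat/completions": "llm_call",
    "/sendDocument": "telegram_file_upload",
}

def parse(log):
    """Group (timestamp, url) pairs per source host; malformed lines are skipped."""
    per_host = defaultdict(list)
    for m in re.finditer(r"^(\d+) (\S+) (\S+)$", log, re.M):
        per_host[m.group(2)].append((int(m.group(1)), m.group(3)))
    return per_host

def polling_cadence(events):
    """Median gap and max deviation between getUpdates calls; None if fewer than 3 calls."""
    ts = sorted(t for t, url in events if url.endswith("/getUpdates"))
    if len(ts) < 3:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return median(gaps), max(abs(g - median(gaps)) for g in gaps)

def score_hosts(log, expected_poll=5, jitter=2):
    """Flag hosts whose getUpdates cadence matches the reported ~5 s loop plus another marker."""
    findings = {}
    for host, events in parse(log).items():
        hits = {name for _, url in events for needle, name in MARKERS.items() if needle in url}
        cadence = polling_cadence(events)
        if cadence and abs(cadence[0] - expected_poll) <= jitter and cadence[1] <= jitter:
            hits.add("regular_getUpdates_polling")
        # Regular polling alone is how any bot client behaves; require a corroborating marker.
        if "regular_getUpdates_polling" in hits and len(hits) >= 2:
            findings[host] = sorted(hits)
    return findings
```

Running score_hosts(SAMPLE_LOG) flags only 10.0.0.5; the irregularly polling host produces no finding.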
Implications
The technique lowers the entry barrier for cyber‑attacks: an adversary needs only a Telegram account, basic typing ability, and a cheap Groq API key to control compromised hosts. This could enable “rent‑a‑Telegram botnet” services where buyers obtain remote access without technical knowledge.
Defensive Recommendations
Avoid downloading executable files from unknown sources (.exe, .ps1, .sh, etc.).
Enable the system firewall and restrict unnecessary outbound connections.
Keep built‑in security tools (e.g., Windows Defender) active with real‑time protection.
Be cautious of unexpected files received via Telegram, even from known contacts.