No‑Code AI‑Powered Telegram Attack Lets Anyone Control a Remote Bot

A new threat discovered by Palo Alto Networks' Unit42 shows how attackers can use Telegram as a command‑and‑control channel and an LLM to translate natural‑language requests into shell commands, enabling even non‑technical users to remotely control compromised machines while evading traditional detection.

Attack Overview

The trojan replaces custom C2 code with a Telegram bot. The attacker types natural‑language commands into the bot; the bot forwards the text to Groq’s llama‑3.1‑8b‑instant model, which returns a shell command (e.g., hostname or nmap). The command is executed on the victim host and the output is sent back through Telegram, making the entire interaction appear as ordinary Telegram traffic.

Stealth Characteristics

Normal‑looking traffic

All communication uses the public Telegram API (api.telegram.org) over TLS, indistinguishable from legitimate user traffic. No separate C2 domain or IP exists to block.

Antivirus evasion

As of 2026‑06‑08 the file’s SHA‑256 hash had 0/63 detections on VirusTotal. Because each command is generated on‑the‑fly by the LLM, there is no static signature for traditional AV to match.

File exfiltration mimics normal file sharing

Stolen files are uploaded via Telegram’s file upload feature (sendDocument), which is indistinguishable from a user sending a document to a contact.

Four‑Stage Attack Flow

Stage 1 – Initial information gathering

On first execution the trojan collects:

Public IP address (via ipify.org)

Operating system name and version

Current logged‑in username

Hostname

The data is sent to the attacker through Telegram before any further commands are issued.

Stage 2 – Telegram bot as the sole C2 channel

The trojan polls the bot every 5 seconds with a 30‑second timeout. Only messages from a pre‑configured “operator Chat ID” are processed, providing a minimal identity check.

Stage 3 – AI translation layer

Each attacker message is forwarded to Groq’s Llama‑3.1‑8B model. The model returns an action token that is either a raw shell command or a built‑in action such as DOWNLOAD_FILE, SCAN_NETWORK or SCAN_PORTS. Unit42 notes that the current limitation to five command formats can be lifted by a simple prompt change, allowing arbitrary code generation.

Stage 4 – Execution and data exfiltration

Windows payloads run via PowerShell; Linux/macOS payloads run via Bash.

Standard output and error are sent back through Telegram messages.

Files are exfiltrated with the sendDocument API (max 50 MB per file).

Network scans cover all RFC 1918 private ranges plus Docker, APIPA, VPN and iPhone‑hotspot subnets.

Indicators of Compromise (IOCs)

File SHA‑256: d85a5c2cf466d01e17110ee39ca456b1be0b6514e669d0095d1f77c84a8d98c1

LLM API endpoint: hxxps://api.groq[.]com/openai/v1/chat/completions

Telegram polling endpoint: hxxps://api.telegram[.]org/bot<token>/getUpdates

Telegram sendMessage endpoint: hxxps://api.telegram[.]org/bot<token>/sendMessage

Telegram sendDocument endpoint: hxxps://api.telegram[.]org/bot<token>/sendDocument

Public IP query: hxxps://api.ipify[.]org

LLM model: llama‑3.1‑8b‑instant

These URLs are legitimate services; they become malicious only when combined with the described trojan behavior. Blocking them indiscriminately is not recommended.
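Because the endpoints above are legitimate, the useful detection signal is the combination of behaviours from Stage 2 and Stage 4: regular Bot API getUpdates polling from a workstation, sendDocument uploads through the same bot token, and chat‑completion calls to the Groq endpoint from the same host. The following is an added example, not code from Unit42 or the report; it runs that logic over a constructed proxy log (the host names, bot token and timestamps are invented) and flags hosts matching the pattern while leaving ordinary Telegram web usage alone.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Bot API paths embed the bot token; end-user Telegram clients never call these URLs.
BOT_API = re.compile(r"https://api\.telegram\.org/bot[^/]+/(\w+)")
LLM_API = re.compile(r"https://api\.groq\.com/openai/v1/chat/completions")

# Constructed proxy log (not from the report): ts host method url user_agent bytes_out
SAMPLE_LOG = """\
2026-06-08T10:00:00 ws-17 GET https://api.telegram.org/bot123456:EXAMPLE/getUpdates?timeout=30 python-requests/2.31 0
2026-06-08T10:00:35 ws-17 GET https://api.telegram.org/bot123456:EXAMPLE/getUpdates?timeout=30 python-requests/2.31 0
2026-06-08T10:01:10 ws-17 GET https://api.telegram.org/bot123456:EXAMPLE/getUpdates?timeout=30 python-requests/2.31 0
2026-06-08T10:01:12 ws-17 POST https://api.groq.com/openai/v1/chat/completions python-requests/2.31 812
2026-06-08T10:01:14 ws-17 POST https://api.telegram.org/bot123456:EXAMPLE/sendDocument python-requests/2.31 2400000
2026-06-08T10:01:30 ws-03 GET https://web.telegram.org/a/ Mozilla/5.0 0
2026-06-08T10:02:00 ws-03 POST https://web.telegram.org/a/upload Mozilla/5.0 512000
"""

def parse(line):
    ts, host, method, url, ua, out_bytes = line.split()
    return datetime.fromisoformat(ts), host, url, int(out_bytes)

def score_hosts(log_text):
    """Return {host: [reasons]} for hosts whose outbound traffic matches the trojan's pattern."""
    polls, findings = defaultdict(list), defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, host, url, out_bytes = parse(line)
        m = BOT_API.search(url)
        if m and m.group(1) == "getUpdates":
            polls[host].append(ts)
        elif m and m.group(1) == "sendDocument":
            findings[host].append(f"Bot API sendDocument upload of {out_bytes} bytes")
        if LLM_API.search(url):
            findings[host].append("chat completion request to the Groq LLM endpoint")
    for host, stamps in polls.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # 5 s poll interval plus 30 s long-poll timeout gives near-constant gaps: beacon-like
        if len(gaps) >= 2 and pstdev(gaps) < 2.0:
            mean = round(sum(gaps) / len(gaps))
            findings[host].append(f"regular Bot API getUpdates polling every ~{mean} s")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in score_hosts(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

In a real deployment the same three signals can be joined across proxy, DNS and EDR telemetry; a single Bot API call from a workstation is already worth a look, since bot tokens belong in server-side automation, not on end-user hosts.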

Implications

The technique lowers the entry barrier for cyber‑attacks: an adversary needs only a Telegram account, basic typing ability, and a cheap Groq API key to control compromised hosts. This could enable “rent‑a‑Telegram botnet” services where buyers obtain remote access without technical knowledge.

Defensive Recommendations

Avoid downloading executable files from unknown sources (.exe, .ps1, .sh, etc.).

Enable the system firewall and restrict unnecessary outbound connections.

Keep built‑in security tools (e.g., Windows Defender) active with real‑time protection.

Be cautious of unexpected files received via Telegram, even from known contacts.

Telegram + AI no‑code attack diagram
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by Black & White Path