ToxicEye.rar

The file is sent via phishing emails. If opened, it installs a hidden file at C:\Users\ToxicEye\rat.exe.

Terminate active processes and take over the Task Manager.

Can delete, transfer, or encrypt files for ransom (AES-256 encryption).

The bot token is embedded into the ToxicEye configuration and compiled into an executable (.exe).

ToxicEye is a multi-functional Remote Access Trojan (RAT) that uses Telegram as its command-and-control (C2) infrastructure. This malware is typically spread through phishing emails containing a malicious executable file disguised as legitimate documents (e.g., "paypal checker by saint.exe").
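The indicators described above can be turned into a small triage check. The following is an added example, not code from the original page or from the cited researchers: it flags log lines that match the dropped file path or lure name, flags Telegram Bot API traffic from unexpected processes, and finds token-shaped strings in a binary. The log format, the allowlist, the api.telegram.org hostname and the token pattern are assumptions, and all sample data is constructed.

```python
import re

IOC_PATH = r"c:\users\toxiceye\rat.exe"      # dropped file path from the page
IOC_LURE = "paypal checker by saint.exe"     # lure file name from the page
TELEGRAM_API = "api.telegram.org"            # assumption: Bot API hostname
ALLOWED_IMAGES = {"telegram.exe"}            # assumption: local allowlist
# Assumption: bot tokens look like "<8-10 digits>:<35 URL-safe characters>".
TOKEN_RE = re.compile(rb"\d{8,10}:[A-Za-z0-9_-]{35}")

def parse_event(line):
    """Parse 'key=value; key=value' into a dict with lower-cased values."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip().lower()
    return fields

def classify(line):
    """Return the reasons a log line is suspicious, or [] if none apply."""
    ev = parse_event(line)
    image = ev.get("image", "")
    name = image.rsplit("\\", 1)[-1]
    reasons = []
    if image == IOC_PATH:
        reasons.append("ioc-path")
    if name == IOC_LURE:
        reasons.append("lure-name")
    if ev.get("dest") == TELEGRAM_API and name not in ALLOWED_IMAGES:
        reasons.append("telegram-api-from-unexpected-process")
    return reasons

def find_bot_tokens(blob):
    """Return token-shaped strings found in a binary blob."""
    return [m.group().decode("ascii") for m in TOKEN_RE.finditer(blob)]

# Constructed sample events in a hypothetical format (not real telemetry).
SAMPLE_LOG = [
    r"event=net; image=C:\Users\ToxicEye\rat.exe; dest=api.telegram.org",
    r"event=net; image=C:\Program Files\Telegram\Telegram.exe; dest=api.telegram.org",
    r"event=proc; image=C:\Users\bob\Downloads\paypal checker by saint.exe",
    r"event=net; image=C:\Windows\System32\svchost.exe; dest=example.com",
]
# Constructed blob holding a placeholder token-shaped string.
SAMPLE_BLOB = b"\x00cfg\x00" + b"123456789:" + b"A" * 35 + b"\x00"

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "<-", line)
    print(find_bot_tokens(SAMPLE_BLOB))
```

A token-shaped string recovered from a sample is a lead for reporting the bot and for scoping which hosts contacted it, and a match on the process rule still needs the allowlist tuned to the environment.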

For further technical details, researchers at Check Point Research and The Hacker News have published comprehensive analyses of this threat.