The bot token is embedded into the ToxicEye configuration and compiled into an executable (.exe).
Deploys keyloggers to record every keystroke. How the Attack Works Bot Creation: Attackers create a dedicated Telegram bot. ToxicEye.rar
Hijacks the PC’s microphone and camera to record audio and video. The bot token is embedded into the ToxicEye
The malware grants attackers nearly full control over a victim's machine: steal user data
The file is sent via phishing emails. If opened, it installs a hidden file at C:\Users\ToxicEye\rat.exe .
For further technical details, researchers at Check Point Research and The Hacker News have published comprehensive analyses of this threat. ToxicEye RAT hits Telegram app to spy, steal user data