Telegram-Controlled Malware That Wreaks Havoc on Windows – Remotely and Silently


Winston.I

4/19/2025

In offense, control is king. I needed something lean — a payload that could silently deploy, hijack, and take full command of a Windows machine — all from the comfort of my Telegram chat.

So I built one.

What's Under the Hood?

This malware is a modular remote-control implant for Windows systems. It disguises itself as a background process, hides its console window on launch, and waits for instructions via Telegram.

Once deployed, I can:

  • Trigger a Blue Screen of Death

  • Lock or shut down the system instantly

  • Launch system alerts or message floods

  • Trick the user with a fake login prompt and steal credentials

  • Encrypt the victim's files and display a ransomware note on the lock screen

  • Force a fullscreen "Windows Update" illusion

  • Drop recursive popups that crash the user's computer

All from any device that can access Telegram.

Key Capabilities (a.k.a. Payload Arsenal)

| Command | Effect |
|---|---|
| /bsod | Triggers Blue Screen of Death that auto-shuts down |
| /lock | Locks workstation |
| /shutdown | Instant system shutdown |
| /message | Custom system alert popup |
| /spam | Infinite popup spam |
| /update | Windows Update screen to waste the user's time |
| /hydra | Self-replicating GUI windows – overloads desktop |
| /capture | Fake login screen, sends password to Telegram |
| /ransom | Encrypts all files, locks full screen with countdown and ransom note |
| /unlock | Removes ransom screen |

Each one is a weaponized command delivered remotely with zero shell access. Just one click in Telegram and the payload reacts instantly.

Credential Capture — Silent and Slick

The /capture command is my favorite. It launches a full-screen "Your session has expired" window and prompts the user to re-enter their password.

No local logs. No output. Just Telegram DM delivery. Real-time password harvesting disguised as a system timeout? Perfect for insider phishing campaigns.

Locking Them Out

The /ransom command encrypts all files, locks the full screen with a countdown, and displays a ransom note.

It locks the user’s screen with a fullscreen window and a ticking countdown. You set the duration. You control the message. Until the /unlock command is issued, the system stays visually hijacked.

Designed for Stealth

  • Hides console window on launch

  • Runs in the background using threading

  • No popups on startup

  • Requires no admin privileges for commands

  • Doesn’t spawn CMD or PowerShell
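
The stealth traits listed above leave few process-creation artifacts, so the Telegram traffic itself is the practical detection point. The following is an added defensive example, not code from the original post: it scans Sysmon DNS-query records (Event ID 22) for processes outside an allowlist that resolve the Telegram Bot API. The use of `api.telegram.org` as the implant's channel, the allowlist paths and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: the implant reaches Telegram through the Bot API host.
TELEGRAM_HOST = "api.telegram.org"
# Assumption: site allowlist of full image paths (lowercase); names alone can be faked.
ALLOWED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\users\alice\appdata\roaming\telegram desktop\telegram.exe",
}
# User-writable locations a payload without admin rights can run from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

def is_telegram(query_name):
    q = query_name.lower().rstrip(".")
    return q == TELEGRAM_HOST or q.endswith("." + TELEGRAM_HOST)

def find_suspects(events):
    """Flag Sysmon Event ID 22 (DnsQuery) records where a non-allowlisted
    image resolves the Telegram API. Returns {(computer, image): finding}."""
    counts = Counter()
    for ev in events:
        if ev.get("EventID") != 22 or not is_telegram(ev.get("QueryName", "")):
            continue
        image = ev.get("Image", "").lower()
        if image in ALLOWED_IMAGES:
            continue
        counts[(ev.get("Computer", "?"), image)] += 1
    findings = {}
    for key, n in counts.items():
        risky_path = any(p in key[1] for p in USER_WRITABLE)
        findings[key] = {"queries": n, "severity": "high" if risky_path else "medium"}
    return findings

def rec(computer, image, query, event_id=22):
    return {"EventID": event_id, "Computer": computer, "Image": image, "QueryName": query}

# Constructed sample records, shaped like parsed Sysmon DnsQuery events.
SAMPLE_EVENTS = [
    rec("WS-01", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "api.telegram.org"),
    rec("WS-02", r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "api.telegram.org"),
    rec("WS-02", r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "api.telegram.org."),
    rec("WS-02", r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "example.com"),
    rec("WS-02", r"C:\Users\bob\Downloads\chrome.exe", "API.TELEGRAM.ORG"),
    rec("WS-03", r"C:\Tools\updater.exe", "api.telegram.org"),
    rec("WS-03", r"C:\Tools\updater.exe", "api.telegram.org", event_id=3),
]

if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```

Matching on the full image path rather than the file name is what catches the constructed `chrome.exe` running from a Downloads folder.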