Malware News Kasperksy Uncovers Telegram Flaw Used for Cryptocurrency Mining

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Kasperksy Uncovers Telegram Flaw Used for Cryptocurrency Mining
en.insider.pro/topnews/: Kasperksy Uncovers Telegram Flaw Used for Cryptocurrency Mining

Hackers have been able to exploit a vulnerability in the Telegram messaging app’s desktop client to earn units of cryptocurrencies, according to Kaspersky Lab. The security firm said the vulnerability has been actively exploited since March 2017 for the cryptocurrency mining functionality, including Monero (XMR/USD), Zcash (ZEC/USD) and others. According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method, which can be used by malware creators to mislead users into downloading malicious files disguised, for example, as images. “Attackers used a hidden Unicode character in the file name that reversed the order of the characters, thus renaming the file itself. As a result, users downloaded hidden malware which was then installed on their computers,” Kaspersky said. The Lab said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger’s products." “We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year. Furthermore, we believe there were other ways to abuse this zero-day vulnerability,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab. Kaspersky says its analysis suggests the cybercriminals are of Russian origin, and the company has offered some tips to protect PCs against the attack. Telegram is holding an ICO seeking to raise about $2 billion to create its own blockchain and cryptocurrency.
 
Last edited by a moderator:

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
Pavel Durov already answered:
However, despite the claims, Telegram founder Pavel Durov scoffed at Kaspersky’s assertions and reassured users that “this is not a real vulnerability” and that “this kind of vulnerability is based on social engineering”.

“The Kaspersky antivirus company claimed today they found a ‘0-day vulnerability on Telegram for Windows’, which affected ‘1000 users before it was fixed’,” Durov said via posts on his personal Telegram channel.

“As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media.”

Durov cited the popular Telegram Geeks channel, where users claimed “no one can remotely take control of your computer or Telegram unless you open a malicious file”.

“So don’t worry, unless you opened a malicious file, you have always been safe,” the users said.
Soruce:Telegram founder downplays Kaspersky's crypto mining hack claims | finder.com
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782

Well, this is not a real vulnerability on Telegram Desktop, no one can remotely take control of your computer or Telegram unless you open a malicius file.

This kind of vulnerability is based on social engineering (What is Social Engineering? Examples and Prevention Tips).

In fact, it was a .js file hidden on a a .png file, this happened thanks to RTL characters (Right-to-left mark - Wikipedia).

Windows users must click on the Run dialog in order to install the malware.

So don't worry, unless you opened a malicious file, you have always been safe.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,915
So don't worry, unless you opened a malicious file, you have always been safe.
I guess those words of Pavel D. should be in Sarcastic Mode On, aren't They? They are obvious! :ROFLMAO:

The question is: will "average joe" know when an opening file is malicious???
 
Last edited:

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,743
If a malicious file uses windows 10 os to remotely(or somehow) access your computer it's not a window vulnerability.

Actually it is... If you are providing the malware with your credentials then it's social engineering. If it's using a software flaw to allow remote control, such as in this example, it's a software vulnerability.
 

omidomi

Level 71
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
Thanks for sharing it.
its a long time that no one Trust Telegram,telegram provided safe space for ISIS and terrorist to increase criminal action:
ISIS using Telegram app to broadcast terror instructions, propaganda
How Telegram Became The App Of Choice For ISIS | HuffPost
another worst news about telegram is that they work with dictatorship country "Enemy of the Freedom and Internet" and installed their server on those countries,for example: ICT minister says Telegram servers moved to Iran and Telegram app agrees to register in Russia, but not to share private...
no one trust them , Mr.Durov is just a "show man" no more...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top