Windows Telegram IM client 0-Day Used to Spread Monero and Zcash Mining Malware

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
Malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware, researchers from Kaspersky Lab plan to reveal today.

The zero-day has been fixed in the meantime, but Kaspersky researcher Alexey Firsh says crooks appear to have used the flaw for months before he discovered it last October.

Users got backdoors, spyware, but mostly miners
Users clicked and ran the file thinking it was an image, but in reality, they executed a JavaScript file that downloaded and installed malware on their system.

In the campaigns Firsh was able to track down, crooks used the Telegram zero-day to install malware that secretly mined cryptocurrency on users' computers. The crooks focused their efforts on mining Monero, Zcash, and Fantomcoin primarily.

Firsh also discovered cases where crooks installed a backdoor trojan (controllable via the Telegram API) and other spyware tools, but in most cases, the malware authors focused on deploying crypto-mining malware.

Telegram zero-day exploited only in Russia
The zero-day vulnerability is not really that innovative and works based on an old trick, known for at least half a decade, first detailed in a 2013 F-Secure report.

According to Firsh, the zero-day saw limited use and was only exploited by a Russian-based actor.
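The post does not name the "old trick", but the Kaspersky write-up it summarises identified it as the Unicode right-to-left override character (U+202E) embedded in the filename, which makes a `.js` file display as if it ended in `.png`. The following is an added detection example, not code from the article, from Kaspersky, or from this thread: it approximates how a bidi-naive renderer would show a filename, extracts the extension the OS actually uses, and flags the mismatch. The sample filenames, the `BIDI_CONTROLS` table and the `EXECUTABLE_EXTENSIONS` list are constructed here for illustration.

```python
"""Flag filenames whose displayed extension differs from their real one
because of Unicode bidirectional control characters (e.g. U+202E RLO)."""

# Bidi control characters that alter display order without changing the
# bytes the OS uses to choose a file handler. Assumed list for this example.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}

# Extensions Windows will hand to a script host or loader. Assumed list.
EXECUTABLE_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".exe", ".scr",
    ".bat", ".cmd", ".ps1", ".hta", ".lnk", ".com", ".pif",
}


def strip_bidi(name: str) -> str:
    """Remove bidi controls so the remaining text matches what the OS sees."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def real_extension(name: str) -> str:
    """Extension the OS actually uses: text after the last dot, lower-cased."""
    clean = strip_bidi(name)
    dot = clean.rfind(".")
    return clean[dot:].lower() if dot != -1 else ""


def displayed_name(name: str) -> str:
    """Approximate rendering: text after the first RLO (U+202E) is shown
    reversed until a PDF (U+202C) or the end of the string. This is a
    simplification of the Unicode bidi algorithm, enough to show the spoof."""
    rlo = name.find("\u202e")
    if rlo == -1:
        return strip_bidi(name)
    prefix = strip_bidi(name[:rlo])
    rest = name[rlo + 1:]
    pdf = rest.find("\u202c")
    reversed_part = rest if pdf == -1 else rest[:pdf]
    tail = "" if pdf == -1 else strip_bidi(rest[pdf + 1:])
    return prefix + strip_bidi(reversed_part)[::-1] + tail


def assess(name: str) -> dict:
    """Return what a user would see, what would run, and whether that gap
    hides an executable extension."""
    shown = displayed_name(name)
    shown_ext = shown[shown.rfind("."):].lower() if "." in shown else ""
    actual = real_extension(name)
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    return {
        "displayed": shown,
        "displayed_ext": shown_ext,
        "real_ext": actual,
        "has_bidi": has_bidi,
        # Suspicious: display and reality disagree and reality is executable.
        "suspicious": has_bidi and shown_ext != actual
        and actual in EXECUTABLE_EXTENSIONS,
    }


if __name__ == "__main__":
    # Constructed sample names; the first mimics the pattern described above.
    samples = ["photo_high_re\u202egnp.js", "holiday.png", "report\u202ecod.exe"]
    for s in samples:
        r = assess(s)
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{verdict:10} shown={r['displayed']!r} runs_as={r['real_ext']}")
```

In a real pipeline this check belongs wherever attachments are received or written to disk (mail gateway, EDR file-create events, a download folder watcher); rejecting or quarantining any filename that contains a bidi control character is a simpler and stricter policy than comparing extensions, since legitimate filenames almost never need them.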
 
