Telegram was exploited to infect users with mining malware

Hackers Use Telegram Exploit to Infect Users with Cryto Mining Malware

The ongoing cryptojacking trend recently got to popular messaging app Telegram. According to Kaspersky Labs, a Russian multinational cybersecurity and antivirus provider, hackers exploited a vulnerability in Telegram’s desktop app and inserted cryptocurrency mining scripts on its users’ computers. These parasitic scripts were then used to mine privacy-centric cryptocurrencies, including Zcash and Monero.

Hackers managed to use a zero-day vulnerability in Telegram, which was based on the app’s feature, to recognize Arabic and Hebrew. These languages are written right to left, and the code that allows its recognition was used by malware creators to get users to download malicious files.

Using a hidden character in the code that allows their order to be reversed, the attackers could rename the file, so as to trick users. The harmful software was seemingly only found in Russia, according to Kaspersky.

Notably, the crypto mining scripts were also used as a backdoor that gave hackers remote access to their victims’ computers. This also allowed them to steal user info. Kaspersky’s blog post reads:

“By using the victim’s PC computing power, cybercriminals have been creating different types of cryptocurrency including Monero, Zcash, Fantomcoin and others. Moreover, while analyzing a threat actor’s servers, Kaspersky Lab researchers found archives containing a Telegram local cache that had been stolen from victims.”

Telegram isn’t the only vulnerable app

Researchers noted that the vulnerability was being used to target Russian Telegram users since March 2017. Kaspersky eventually found out and reported it to the messaging app in October. By November, the post says, the problem was fixed.

Telegram is currently the world’s ninth most popular mobile messaging app. It is expected to reach 200 million users in the first quarter of 2018. The company is set to launch one of the biggest initial coin offerings (ICO) ever seen. According to various reports, the company could raise up to $2 billion through its token sale.

Although only Telegram’s desktop version was affected, researchers note other messaging apps are also vulnerable. Per Kaspersky, a vulnerability that allowed hackers to steal WhatsApp messages was found last month.

Responding to the news, Telegram stated:

“This is not a real vulnerability on Telegram Desktop, no one can remotely take control of your computer or Telegram unless you open a (malicious) file.”

Users can protect themselves from the ongoing cryptojakcing trend by using anti-malware tools on their computers. Moreover, while browsing the web, browsers like Opera and Brave feature built-in tools that block cryptocurrency miners on websites.