Hackers Exploit Telegram To Spread Cryptocurrency Mining Malware: Are You Affected?

A Russian cybercriminal group exploited a zero-day vulnerability within Telegram to spread a multipurpose malware. They were able to create a backdoor and mine for cryptocurrency on affected systems. (Carl Court | Getty Images)

Yet another incident has added to the growing perception that Telegram, a supposedly encrypted messaging app, simply isn't as secure as it purports to be.

A zero-day vulnerability in Telegram Messenger allowed hackers and bad actors to spread a new type of malware that's able to do a range of tremendously invasive tasks, from creating a backdoor trojan to secretly mining for cryptocurrency — including Monero, ZCash, and Fantomcoin.

The attackers took advantage of a previously undiscovered vulnerability within the Windows version of Telegram, and the behavior was spotted by security firm Kaspersky Lab.

Russian Cybercriminal Group Behind The Attacks

Security researchers believe the Russian cybercriminal group was the only party that knew about the vulnerability, and that the group has been using it to distribute the multipurpose malware since March 2017. However, it remains uncertain whether the vulnerability existed much earlier.

Users were tricked into downloading malicious software onto their desktops that either used their processing power to mine cryptocurrency covertly or served as a backdoor through which attackers could remotely control devices, according to Kaspersky. Kaspersky researchers also found archives containing a cache of Telegram data that seems to have been stolen from unsuspecting users.

"According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for coding languages that are written from right to left, like Arabic or Hebrew," Kaspersky explained. "Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images."

Kaspersky said it has reported the vulnerability to Telegram and has not observed the vulnerability being exploited since.
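A defender can check received filenames for the right-to-left override trick described above. The Python sketch below is an added example, not code from Kaspersky or Telegram; the sample filename, the list of risky extensions and the function names are constructed for illustration, and the display approximation handles only a single override character.

```python
import os
import unicodedata

# Bidirectional formatting characters that can change how a name is drawn.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                      # LRM RLM ALM
}
# Assumption: illustrative, not exhaustive, set of directly runnable types.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".bat", ".cmd", ".hta"}
RLO = "\u202e"

def escape_controls(name):
    """Make bidi controls visible, e.g. U+202E becomes <U+202E>."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in name)

def approximate_display(name):
    """Simplified rendering: text after the first RLO is drawn reversed."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name

def inspect_filename(name):
    """Compare the stored extension with the one a user is likely to see."""
    controls = [c for c in name if c in BIDI_CONTROLS]
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stripped)[1].lower()
    shown_ext = os.path.splitext(approximate_display(name))[1].lower()
    return {
        "escaped": escape_controls(name),
        "controls": [unicodedata.name(c) for c in controls],
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        # Flag names whose controls hide a risky type or change the apparent type.
        "suspicious": bool(controls)
        and (real_ext in RISKY_EXTENSIONS or real_ext != shown_ext),
    }

if __name__ == "__main__":
    # Constructed samples: the first hides a .js file behind an apparent .png.
    for sample in ["holiday_\u202egnp.js", "report.pdf"]:
        print(inspect_filename(sample))
```

Logging or displaying the `escaped` form instead of the raw name keeps the override from reordering text in consoles and alert views as well.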


Telegram is one of the most popular messaging platforms, and one of the few that offer encryption, like WhatsApp. Encryption is a complex subject, but put simply, it ensures that the sender and the receiver are the only ones who can see their messages and that their conversations won't be intercepted by anyone else, including hackers.

Pavel Durov founded Telegram in 2013, marketing it as a highly secure messaging client that offers encryption. But the app has run into several security flaws since its release. For starters, in March 2017 hackers were able to hijack accounts using only one image; and in August 2016 Telegram had a massive breach due to an SMS vulnerability.

To avoid being infected with malware, always remain suspicious of programs that ask you to download certain files, especially if they come from untrusted sources. Also, when software claims that a new update is available to download, check the internet, especially forums dedicated to that software, to confirm that an update has indeed been released.

© 2018 Tech Times, All rights reserved. Do not reproduce without permission.
