Hackers Exploit Telegram To Spread Cryptocurrency Mining Malware: Are You Affected?

Carl Velasco, Tech Times 14 February 2018, 09:02 am

Yet another incident has added to the growing perception that Telegram, a supposedly encrypted messaging app, simply isn't as secure as it purports to be.

A zero-day vulnerability in Telegram Messenger allowed hackers and bad actors to spread a new type of malware that's able to do a range of tremendously invasive tasks, from creating a backdoor trojan to secretly mining for cryptocurrency — including Monero, ZCash, and Fantomcoin.

The attackers took advantage of a previously undiscovered vulnerability within the Windows version of Telegram, and the behavior was spotted by security firm Kaspersky Lab.

Russian Cybercriminal Group Behind The Attacks

The only people who knew about the said vulnerability were the Russian cybercriminal group, security researchers believe, and they've been using it to distribute the multipurpose malware since March 2017. However, it remains uncertain whether the vulnerability existed much earlier.

Users were tricked into downloading malicious software onto their desktops that used their processing power to mine cryptocurrency under-the-table, or serve as a backdoor which attackers can enter to remotely control devices, according to Kaspersky. Additionally, Kaspersky researchers also found archives with cache of Telegram data that seems to have been stolen from unsuspecting users.

"According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for coding languages that are written from right to left, like Arabic or Hebrew," Kaspersky explained. "Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images."

Kaspersky said it has reported the vulnerability to Telegram and has not observed the vulnerability being exploited since.

Telegram is one of the most popular messaging platforms, and one of the few ones that offer encryption, like WhatsApp. Encryption is a complex subject, but to keep it simple, it simply makes sure that the sender and the receiver are the only ones who'll see their own messages and that their conversations won't be intercepted by anyone else, including hackers.

Pavel Durov founded Telegram in 2013, marketing it as a highly secure messaging client that offers encryption. But the app has run into several security flaws since its release. For starters, in March 2017 hackers were able to hijack accounts using only one image; and in August 2016 Telegram had a massive breach due to an SMS vulnerability.

To avoid being infected with malware, always make sure to remain suspect of programs that asks you to download certain files, especially if they come from untrusted sources. Also, when a software claims that a new update is available to download, check the internet, especially forums dedicated to that software, if an update has indeed been released.