Previously undetected malware targeted at users of the desktop version of the Telegram messaging app has been discovered by Russian security firm Kaspersky Lab, Kaspersky announced on Tuesday.
The malware has been used to target Russian users since March 2017, Kaspersky said in a declaration. It was designed to entice users of Telegram’s desktop computing software to enlist their machines to mine cryptocurrencies like Monero and Zcash.
Telegram is the ninth most popular mobile messaging app in the world and is expected to reach 200 million users in the first quarter of 2018, according to a recent white paper from the company. Only its desktop version was targeted.
The malware exploited a feature that allows its email software to recognize Arabic and Hebrew text, which can be read from right to left.
By using a hidden character in the feature that reversed the order of characters, attackers could rename a file, triggering the installation of the malware. Examples of malware have only been found in Russia, Kaspersky said.
Kaspersky Lab said that clues found in the code indicate links to Russian cybercriminals. He said these messaging app vulnerabilities are not unique to Telegram, noting that last month he found a way for hackers to steal WhatsApp messages.
Kaspersky said it reported the vulnerability to Telegram in October and the issue appears to have been resolved.
In a statement posted on a Telegram tech channel, the company said the attack was a form of social engineering that only worked if a user was tricked into downloading an image file. It was corrected by Telegram in November, the post said.
“It’s not a real vulnerability on Telegram Desktop, no one can take remote control of your computer or Telegram unless you open a (malicious) file,” Telegram said.
Telegram is preparing the largest initial coin offering, in a private token sale, which could be traded as an alternative currency, similar to Bitcoin or Ethereum, an investment proposal seen by Reuters showed. The offer could raise up to $ 2 billion, according to media reports.[related-posts]
source: Thomson Reuters 2018