Vulnerability on Telegram Desktop Application

For the cybersecurity company Kaspersky Labs, there is no doubt: hackers have used a zero-day vulnerability to infect the computer of some users with cryptocurrency mining malware.

They would have managed to undermine anonymous digital assets, such as Monero or Zcash - digital currencies that allow them to hide their identity.

Kaspersky Labs, however, indicates that only the "desktop" application of Telegram has been targeted.

This attack is part of a wave of "cryptojacking", which allows hackers to divert devices to their benefit. A few days ago, we learned that hackers managed to divert millions of Android devices to mine Monero.

The Pirate Bay logoThis trend seems to have been driven by the "torrents" site The Pirate Bay. In search of alternative sources of revenue, its owners had decided to temporarily put in place a mining script - a script that made it possible to use the computing power of visitors' machines to mine Monero.

According to the results of the study conducted by Kaspersky Labs, hackers started in March 2017 to exploit the vulnerability present on the desktop application of Telegram.

To do this, they relied on the functionality that allows the software to recognize texts written in Arabic and Hebrew - right-to-left languages ​​- which gave them the ability to rename certain files. Thus they were able to use some computers to mine cryptocurrencies, and potentially access infected machines.

In one such attack, the researchers found an archive containing a local Telegram cache that had been stolen from a victim.

Here is what we read in the Kaspersky Labs article:

"After the installation, the software started operating in 'silent mode', which allowed the malicious agent to not be detected by the network. He was able to perform various commands, including installing spyware.

By relying on some clues contained in its computer code. Kaspersky believes that this malware would have been developed in Russia.

The company adds that Telegram is not the only messaging application to be exposed to a loophole: it was able to discover last month on WhatsApp the exploitation of a security breach that allowed hackers to have access to certain messages.

Finally, the Russian company had alerted Telegram last October. She told him a month later that she had managed to fix it.

For Telegram's founder, it's not a real vulnerability

Pavel DurovBut for Telegram, it is not, strictly speaking, the exploitation of a security breach, but rather a form of social engineering.

Pavel Durov, the founder of Telegram, said it was not "a real vulnerability of Telegram Desktop", because it is impossible to remotely access a user's computer or his Telegram account if he has not opened any malicious files.

He also states that the statements of Kaspersky Labs would be "exaggerated":

"As always, reports from companies designing anti-virus software should be viewed with some hindsight, as they may tend to exaggerate the seriousness of the flaws they may have found in order to gain media exposure. generalists ".

Telegram is currently working on an ICO to fund a new and extremely ambitious blockchain project.

It aims to raise, at first, at least 500 million dollars. It aims to implement the "Gram", a digital asset that will be the native currency of the Telegram Open Network (TON) ecosystem. It will be integrated directly into the Telegram platform - a platform that should soon reach the threshold of 200 million users.