Hackers target Telegram app to inject cryptocurrency-mining malware: Report

The malware designed to trick users of Telegram’s desktop computer software into enlisting their machines to mine cryptocurrencies like Monero and Zcash

By: REUTERS
| Updated on: Feb 14 2018, 10:37 IST
Hackers target popular encrypted messaging app Telegram to mine cryptocurrencies like Monero and Zcash
Hackers target popular encrypted messaging app Telegram to mine cryptocurrencies like Monero and Zcash (AFP)

Previously undetected malware directed at users of the desktop version of the messaging app Telegram has been discovered by the Russian security firm Kaspersky Lab, Kaspersky said on Tuesday.

The malicious software has been used to target Russian users since March 2017, Kaspersky said in a statement. It was designed to trick users of Telegram's desktop computer software into enlisting their machines to mine cryptocurrencies like Monero and Zcash.

You may be interested in

MobilesTablets Laptops
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Telegram ranks as the world's ninth most popular mobile messaging app and expects to hit 200 million users during the first quarter of 2018, according to a recent white paper by the company. Only its desktop computer version was targeted.

Also read
Looking for a smartphone? To check mobile finder click here.

The malware exploited a feature that allows its messaging software to recognise Arabic and Hebrew language text, which is read right to left.

By using a hidden character in the feature that reversed the order of the characters, the attackers could rename a file, triggering the installation of the malware. Examples of the malicious software were only found in Russia, Kaspersky said.

Kaspersky Lab said clues found in the code indicate connections to Russian cybercriminals. It said such messaging app vulnerabilities are not unique to Telegram, noting that last month it had found a way for hackers to steal WhatsApp messages.

Kaspersky said it had reported the vulnerability to Telegram in October and the issue appears to have been fixed.

In a statement posted on an a Telegram technical channel, the company said the attack was a form of social engineering that only worked if a user was tricked into downloading an image file. It was fixed by Telegram in November, the post said.

"This is not a real vulnerability on Telegram Desktop, no one can remotely take control of your computer or Telegram unless you open a (malicious) file," Telegram said.

Telegram is preparing the biggest initial coin offering, in a private sale of tokens, which could be traded as an alternative currency, similar to Bitcoin or Ethereum, an investment proposal seen by Reuters showed. The offering could raise up to $2 billion, according to media reports.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 14 Feb, 10:34 IST
NEXT ARTICLE BEGINS