Latest in Gear

Image credit:

Attackers used Telegram to deliver cryptocurrency-mining malware

Kaspersky said they exploited a vulnerability in the desktop version of Telegram.
Share
Tweet
Share

Sponsored Links

Thomas Trutschel via Getty Images

Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users' computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers' servers.

Telegram is a popular messaging service. And while its encryption has attracted users whose communications may be less than legal, its popularity has also attracted groups wanting to exploit its many users. Telegram was briefly pulled from Apple's App Store earlier this month because users were sharing child pornography through it and it has remained a popular mode of communication for members of ISIS despite Telegram's attempts to prevent it. Last month, Symantec discovered a fraudulent copy of Telegram on Google Play that served users ads as well as another that installed malware onto the systems of those who downloaded it.

Of course, sneaky cryptocurrency mining hijacks are nothing new. Attackers have targeted Android phones, government websites and Showtime's streaming website, among many others. Kaspersky said it notified Telegram of the issue and it now appears to have been rectified. "The popularity of instant messenger services is incredibly high, and it's extremely important that developers provide proper protection for their users so that they don't become easy targets for criminals," Kaspersky Malware Analyst Alexey Firsh said in a statement.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Disney has no idea what it's doing with 'Mulan'

Disney has no idea what it's doing with 'Mulan'

View
Instagram 'bug' heavily favored Trump content over Biden for months

Instagram 'bug' heavily favored Trump content over Biden for months

View
Samsung will offer an Xbox Game Pass Bundle with the Note 20

Samsung will offer an Xbox Game Pass Bundle with the Note 20

View
What you need to know about the new Galaxy Note 20 and Note 20 Ultra

What you need to know about the new Galaxy Note 20 and Note 20 Ultra

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr