Latest in Gear

Image credit: Thomas Trutschel via Getty Images

Attackers used Telegram to deliver cryptocurrency-mining malware

Kaspersky said they exploited a vulnerability in the desktop version of Telegram.
358 Shares
Share
Tweet
Share
Save

Sponsored Links

Thomas Trutschel via Getty Images

Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users' computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers' servers.

Telegram is a popular messaging service. And while its encryption has attracted users whose communications may be less than legal, its popularity has also attracted groups wanting to exploit its many users. Telegram was briefly pulled from Apple's App Store earlier this month because users were sharing child pornography through it and it has remained a popular mode of communication for members of ISIS despite Telegram's attempts to prevent it. Last month, Symantec discovered a fraudulent copy of Telegram on Google Play that served users ads as well as another that installed malware onto the systems of those who downloaded it.

Of course, sneaky cryptocurrency mining hijacks are nothing new. Attackers have targeted Android phones, government websites and Showtime's streaming website, among many others. Kaspersky said it notified Telegram of the issue and it now appears to have been rectified. "The popularity of instant messenger services is incredibly high, and it's extremely important that developers provide proper protection for their users so that they don't become easy targets for criminals," Kaspersky Malware Analyst Alexey Firsh said in a statement.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
358 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best mobile devices for students

The best mobile devices for students

View
'Fortnite' finally nerfs the hated B.R.U.T.E. mechs

'Fortnite' finally nerfs the hated B.R.U.T.E. mechs

View
Porsche streamlines the Taycan EV’s infotainment system

Porsche streamlines the Taycan EV’s infotainment system

View
Lenovo’s Smart Clock becomes a more capable home hub

Lenovo’s Smart Clock becomes a more capable home hub

View
Wirecutter's best deals: Save $60 on an Acer Chromebook 11

Wirecutter's best deals: Save $60 on an Acer Chromebook 11

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr