Attackers used Telegram to deliver cryptocurrency-mining malware

Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users’ computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers’ servers.

Telegram is a popular messaging service. And while its encryption has attracted users whose communications may be less than legal, its popularity has also attracted groups wanting to exploit its many users. Telegram was briefly pulled from Apple’s App Store earlier this month because users were sharing child pornography through it and it has remained a popular mode of communication for members of ISIS despite Telegram’s attempts to prevent it. Last month, Symantec discovered a fraudulent copy of Telegram on Google Play that served users ads as well as another that installed malware onto the systems of those who downloaded it.

Of course, sneaky cryptocurrency mining hijacks are nothing new. Attackers have targeted Android phones, government websites and Showtime’s streaming website, among many others. Kaspersky said it notified Telegram of the issue and it now appears to have been rectified. “The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals,” Kaspersky Malware Analyst Alexey Firsh said in a statement.

Via: Bloomberg

Source: Kaspersky

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On