Unknown attackers exploited a security hole in the Telegram messenger in March 2017 to generate cryptocurrencies using third-party computing power, reports cybersecurity company Kaspersky Lab. The flaw affected Telegram's desktop app for Windows. The Russian company speaks of a “zero-day vulnerability with serious consequences”. A zero-day vulnerability is a security gap that is not yet known to the vendor and therefore could not yet have been fixed.
Kaspersky writes that “novel multifunctional malware” was used, and that several details, including the language used by the attackers, point to a “Russian cyber criminal background.”
Several handy features for the attackers
The malware allowed the attackers to run mining software, the security researchers report. It used the computing power of the attacked computer to mine cryptocurrencies such as Monero, Zcash, and Fantomcoin.
In addition, the malware is said to have given the attackers access to the infected computer. With the malicious code, they were able to execute commands remotely and, for example, install spy tools. According to Kaspersky, the attacks also involved Telegram data from those affected, including documents, photos, audio and video.
The gap now appears to have been closed. In any case, Kaspersky reports that it discovered the vulnerability in October 2017 and reported it to Telegram, and that the researchers have not encountered the vulnerability since.
For users of Telegram and other messengers, the Kaspersky researchers recommend not downloading or opening unknown files from unknown sources. In addition, users should generally be careful when sharing confidential information via instant messengers.