Zero-day vulnerability in Telegram

Cybercriminals exploited Telegram flaw to launch multipurpose attacks.

In October 2017, Kaspersky found a vulnerability in Telegram Desktop for Windows.

▶️ This vulnerability was fixed by the Telegram team in November 2017.

Cases where it was actually exploited

1️⃣ The exploit was used to deliver mining software, allowing hackers to use the victim’s machine to mine cryptocurrency, including “Monero, Zcash, Fantomcoin and others.”

2️⃣ A backdoor was installed, allowing cybercriminals to gain remote access to the victim’s computer, after which it started to “operate in a silent mode,” allowing “the threat actor to remain unnoticed in the network and execute different commands, including the further installation of spyware tools.”

Conclusion

It appears that only Russian cybercriminals were aware of this vulnerability, with all the exploitation cases that we detected occurring in Russia. Also, while conducting detailed research of these attacks, we discovered a lot of artifacts that pointed to involvement by Russian cybercriminals.

We don’t have exact information about how long and which versions of the Telegram products were affected by the vulnerability. What we do know is that its exploitation in Windows clients began in March 2017. We informed the Telegram developers of the problem, and the vulnerability no longer occurs in Telegram’s products.

🌐 Source: Securelist

via @TGLive

ℹ️ @geeksChannel