简体中文
The Russian security firm Kaspersky Lab says malware exploited a vulnerability in the desktop version of the messaging app Telegram.
The malicious software has been used to target Russian users since March 2017, Kaspersky said in a statement on Tuesday..
It was designed to trick users of Telegram’s desktop computer software into enlisting their machines to mine cryptocurrencies like Monero and Zcash.
Kaspersky Lab said clues found in the code indicate connections to Russian cybercriminals. It said such messaging app vulnerabilities are not unique to Telegram, noting that last month it had found a way for hackers to steal WhatsApp messages.
Telegram ranks as the world’s ninth most popular mobile messaging app and expects to hit 200 million users during the first quarter of 2018, according to a recent white paper by the company. Only its desktop computer version was targeted.
File: The logo of Russia's Kaspersky Lab is displayed at the company's office in Moscow, Russia October 27, 2017.
The malware exploited a feature that allows its messaging software to recognize Arabic and Hebrew language text, which is read right to left.
By using a hidden character in the feature that reversed the order of the characters, the attackers could rename a file, triggering the installation of the malware. Examples of the malicious software were only found in Russia, Kaspersky said.
It
said it had reported the vulnerability to Telegram in October and the issue appears to have been fixed.
In a statement posted on an a Telegram technical channel, the company said the attack was a form of social engineering that only worked if a user was tricked into downloading an image file. It was fixed by Telegram in November, the post said.
“This is not a real vulnerability on Telegram Desktop, no one can remotely take control of your computer or Telegram unless you open a (malicious) file,” Telegram said.
Telegram is preparing the biggest initial coin offering, in a private sale of tokens, which could be traded as an alternative currency, similar to Bitcoin or Ethereum, an investment proposal seen by Reuters showed. The offering could raise up to 2 billion US dollars, according to media reports.
(REUTERS)
