Hackers Exploit Flaw in Telegram Messenger To Mine For Cryptocurrencies

Feb 15 2018

With technology getting smarter and improving with every passing day, hackers and people with malicious intent are getting smarter too. Thanks to the rise of in-browser mining scripts such as Coinhive, hackers are able to mine cryptocurrencies remotely using the processing power of unsuspecting users. One of the biggest such cases was a mining script found in YouTube ads. Hackers have now exploited a flaw in the Telegram desktop app to mine cryptocurrencies on users' PCs.

This zero-day vulnerability in the Telegram Messenger desktop app (the Windows client) allowed hackers to install backdoors on victims' PCs, as well as to mine cryptocurrencies on them. The vulnerability was discovered by a team of researchers at Kaspersky Lab. While this may sound like a scary situation, potentially affecting tens of thousands of users, the exploit appears to have been used by only one group of Russian cybercriminals.

However, the exploit had been in use for almost a year, since at least March 2017. Hackers were initially using it to distribute malware, and later turned to using it to mine cryptocurrencies. It is still unknown whether the vulnerability was present before March 2017.

"We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software -- such infections have become a global trend that we have seen throughout the last year," said Alexey Firsh, malware analyst at Kaspersky Lab.

For those wondering what the flaw was: it abused the Unicode Right-to-Left Override character (RLO, U+202E). This invisible control character tells the display layer to draw every character that follows it from right to left, so a filename that actually ends in one extension can be shown to the user ending in another. The attacker builds the name out of a harmless-looking prefix, the hidden RLO character, and a reversed tail, so that what the user sees in the Telegram window differs from what the operating system will execute. For instance, a user may receive what appears to be song.mp3 and believe they are being sent a song, when the file is actually a .js script that runs when opened.
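The trick described above, as an added example that is not code from the article or from Kaspersky Lab: the script builds a filename the way the attack does, simulates (in simplified form) how a bidi-aware UI would draw it, and then implements the check a receiving client or mail gateway should perform, namely flag any name containing a Unicode bidi control character and report the real extension taken from the raw string rather than the displayed one. The example filenames and the `spoofed_name`, `rendered_name` and `check_filename` helpers are constructed for illustration.

```python
"""RLO filename spoofing: how it works and how to detect it (added example)."""
import os

RLO = "\u202e"   # RIGHT-TO-LEFT OVERRIDE: everything after it is drawn reversed
PDF = "\u202c"   # POP DIRECTIONAL FORMATTING: ends an override run

# Unicode bidi control characters; none of them belong in a filename shown to a user.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"         # LRI, RLI, FSI, PDI
)


def spoofed_name(prefix: str, real_ext: str, shown_ext: str) -> str:
    """Build an attacker-style name: prefix + RLO + reversed tail.

    The raw string ends in real_ext (what the OS will actually execute);
    once the tail is drawn right-to-left the user sees it ending in shown_ext.
    """
    return f"{prefix}{RLO}{shown_ext[::-1]}.{real_ext}"


def rendered_name(name: str) -> str:
    """Simplified simulation of how a bidi-aware UI draws the name.

    Text after RLO (up to a PDF or the end of the string) is reversed; other
    control characters are invisible. The real Unicode bidi algorithm is more
    involved, but this is accurate for plain ASCII filenames.
    """
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = name.find(PDF, i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1          # invisible in the UI, so skip it
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def true_extension(name: str) -> str:
    """Extension the OS uses: derived from the raw string, never from the display."""
    return os.path.splitext(name)[1].lower()


def check_filename(name: str) -> dict:
    """Detection: flag bidi controls and compare the real vs. displayed extension."""
    shown = rendered_name(name)
    return {
        "suspicious": any(ch in BIDI_CONTROLS for ch in name),
        "real_ext": true_extension(name),
        "displayed_ext": os.path.splitext(shown)[1].lower(),
        "displayed_as": shown,
    }


if __name__ == "__main__":
    # Constructed sample: a script disguised as a PNG image.
    evil = spoofed_name("photo_high_re", "js", "png")
    print(repr(evil))                 # raw name, RLO visible as \u202e
    print(check_filename(evil))       # displayed as photo_high_resj.png, real ext .js
    print(check_filename("song.mp3")) # clean name, not suspicious
```

A client that strips or refuses bidi control characters in received filenames, or that shows the extension taken from the raw string next to the rendered name, closes this class of spoofing regardless of how the UI draws the text.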

The backdoor delivered through this flaw in the Telegram Messenger desktop app allowed the hackers to download and launch files on the PC, mine cryptocurrencies, and extract browsing history. The exploit could be used for more dangerous purposes too, such as downloading and installing RATs (Remote Administration Tools, also known as Remote Access Trojans) or keyloggers.

Using this ability to download and run files on users' PCs, the hackers installed mining software for Zcash and Monero. The mining consumes the victim's processing power and electricity, while the mined coins go to wallets controlled by the hackers.

This comes as quite a setback for Telegram, which has always marketed itself as a privacy- and security-focused messaging app. In the past, Telegram has been marred by controversies over terrorists using it to plan attacks. After this incident, Telegram will have to work hard to regain its credibility with users.
