Attackers have been exploiting a zero-day flaw in the Telegram Messenger desktop app to mine cryptocurrency or to install a backdoor that gives them remote control of victims' computers.
Kaspersky Lab discovered the attacks on Telegram Messenger's Windows desktop client in October 2017; its analysis indicates the vulnerability had been actively exploited since March 2017, primarily to mine a variety of cryptocurrencies. The multi-purpose malware being delivered was capable of more than mining, however. While analyzing the attackers' servers, Kaspersky researchers found archives containing Telegram local cache data that had been stolen from victims.
In a second exploitation scenario, the same flaw was used to install a backdoor that used the Telegram API as its command-and-control protocol, giving the attackers remote access to infected computers. "After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands, including the further installation of spyware tools," the researchers said.
Read more about the zero-day flaw in Telegram Messenger’s desktop client that was exploited to mine cryptocurrency or to install a backdoor on CSO.