
Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining (bloomberg.com) 42

According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."

  • Sweet! What's Telegram?

    • Sweet! What's Telegram?

      Same problem here. I thought they must be referring to a literal telegram. Whoever picked the name "telegram" for their company must have really thought they were slick when they got it, but it only makes them look like a relic from the 1800s.

      • Names of old pantheon gods got used up.
        Decent and decently-short acronyms got used up.
        Recursive acronyms got used up.
        Puns got used up.
        We're now stuck with arbitrary word-thing pairing.

        We've been there since about the large-scale adoption of Linux. Or haven't you noticed the arbitrary naming of major open source applications?

  • If you can backdoor cryptomining into a "secure messaging" service, you can backdoor pretty much everything. I'm sure that any US-based service has similar "bugs". How hard is it to create an application that communicates with a web service without the requirement to run random code? Why is there even a code interpreter in a "secure messaging app"?

    Give me my IRC and PGP, at least I can read through and guarantee the code is clear in a matter of hours.

    • Kaspersky is disclosing a flaw their security researchers found in Telegram, which is not a Kaspersky product. The Telegram client code is open source, but that apparently hasn't stopped stupidity making it into the desktop client.

    • by Ash-Fox ( 726320 )

      Why is there even a code interpreter in a "secure messaging app"?

      I don't know what you're talking about? The vulnerability is using UTF-8 characters to make a filename use right-to-left, so "gpj.abc.exe" appears as "exe.cba.jpg". This works on other platforms too.

      Give me my IRC and PGP

      It works on IRC and PGP too.

      • by guruevi ( 827432 )

        The summary and post it links to implies the Telegram client is executing cryptomining code on its own. Sending a message backwards or forwards is not really an exploit, it's annoying or funny depending on the circumstance. But where is the option to send, link to or execute code?

        • by Ash-Fox ( 726320 )

          The summary and post it links to implies the Telegram client is executing cryptomining code on its own.

          From the summary:

          Kaspersky said on its website that users were tricked into downloading malicious software onto their computers

          From the article:

          Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine.

          From Kaspersky:

          According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for coding languages that are written from right to left, like Arabic or Hebrew. Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images.

          I don't really see it "implying" that the "Telegram client is executing cryptomining code on its own" ?

          • by guruevi ( 827432 )

            It says "Telegram Flaw Used For Cryptocurrency Mining", which implies that Telegram has a flaw that allows the clients to mine for cryptocurrency without the users' consent.

            Being able to screw around with text and fonts and sending someone a link isn't really an "exploit". There are hundreds of URL shorteners that will do that for you. If the user clicks, downloads and then chmod +x an executable (whatever the Windows equivalent is) then that's a problem with the user.

  • They may have 'hardened' their cryptographic algorithms, but the problem here is clearly that most GUI-libraries are not. :-(
    • by Ash-Fox ( 726320 )

      It's not even self executing though. They're just using right-to-left UTF-8 to make "gpj.abc.exe" appear as "exe.cba.jpg", you can do this on most platforms too...

      • Yes, but that is a security problem. Sanitize your links and deactivate them, if you must...
        • by Ash-Fox ( 726320 )

          These aren't links though? These are files being sent over Telegram.

          These are filenames. Literally, I can create files following this convention that exist that way on the Windows and Linux desktop. This is a "feature" of UTF-8.

          • There's nothing wrong with that feature. If you happen to be left-handed, you might even prefer Arabic. ;-)
            If you are receiving an executable that way, there should be a warning. Better even, it should be renamed for safety. Just add an '_disabled_this_executable_' post(/pre)fix. Not everybody is into computers. Most Malware spreads by people downloading and clicking on it. Sometimes this takes out entire hospitals. Therefore, you have to keep this in mind when designing software. You can always have an op
            • by Ash-Fox ( 726320 )

              If you are receiving an executable that way, there should be a warning.

              When you launch an executable from Telegram that you've downloaded on Windows, it actually prompts you the normal way Windows does for a downloaded executable in a browser.
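
The filename trick discussed in this thread, seen from the receiving side (an added example, not part of the original thread and not Telegram's or Kaspersky's code): it flags bidirectional control characters in a received filename, reports the extension the OS will actually act on, and builds a display string with the controls made visible. The function names, extension list and sample filename are assumptions constructed for illustration; `approx_display` handles only RLO/PDF runs, not the full Unicode bidi algorithm.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO, PDF = "\u202e", "\u202c"
# Assumed, non-exhaustive set of extensions treated as executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}


def inspect_filename(name):
    """Classify a received filename given in logical (stored) order."""
    found = sorted({c for c in name if c in BIDI_CONTROLS})
    # Without the controls we see the order the OS uses to choose a handler.
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(logical)[1].lower()
    return {
        "bidi_controls": [unicodedata.name(c) for c in found],
        "real_extension": real_ext,
        "executable": real_ext in EXECUTABLE_EXTS,
        "suspicious": bool(found),
        # Show the controls as visible tokens instead of letting the UI honour them.
        "safe_display": "".join(
            "<U+%04X>" % ord(c) if c in BIDI_CONTROLS else c for c in name),
    }


def approx_display(name):
    """Approximate what a bidi-aware UI shows: reverse each RLO..PDF run."""
    out, run, in_rlo = [], [], False
    for c in name:
        if c == RLO:
            in_rlo = True
        elif c == PDF and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif c in BIDI_CONTROLS:
            continue
        elif in_rlo:
            run.append(c)
        else:
            out.append(c)
    out.extend(reversed(run))
    return "".join(out)


if __name__ == "__main__":
    sample = "\u202egpj.abc.exe"  # constructed sample from the thread's example
    print(approx_display(sample), inspect_filename(sample))
```

A client can use the `suspicious` and `executable` fields to decide when to show `safe_display` in place of the raw name, or to warn before opening the file.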

  • This is really becoming a serious concern. We are talking about the bugs that have been discovered. We don't know how many other apps are doing it too silently.
