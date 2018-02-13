

 


Bitcoin Privacy Security Software

Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining

Posted by BeauHD from the crypto-mining dept.
According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."

  • Sweet! What's Telegram?

    • Sweet! What's Telegram?

      Same problem here. I thought they must be referring to a literal telegram. Whoever picked the name "telegram" for their company must have really thought they were slick when they got it, but it only makes them look like a relic from the 1800s.

  • If you can backdoor cryptomining into a "secure messaging" service, you can backdoor pretty much everything. I'm sure that any US-based service has similar "bugs". How hard is it to create an application that communicates with a web service without the requirement to run random code? Why is there even a code interpreter in a "secure messaging app"?

    Give me my IRC and PGP, at least I can read through and guarantee the code is clear in a matter of hours.

    • Kaspersky is disclosing a flaw their security researchers found in Telegram, which is not a Kaspersky product. The Telegram client code is open source, but that apparently hasn't stopped stupidity making it into the desktop client.

    • Re: (Score:2)

      by Ash-Fox ( 726320 )

      Why is there even a code interpreter in a "secure messaging app"?

      I don't know what you're talking about? The vulnerability is using UTF-8 characters to make a filename use right-to-left, so "gpj.abc.exe" appears as "exe.cba.jpg". This works on other platforms too.

      Give me my IRC and PGP

      It works on IRC and PGP too.

  • They may have 'hardened' their cryptographic algorithms, but the problem here is clearly that most GUI-libraries are not. :-(

    • Re: (Score:2)

      by Ash-Fox ( 726320 )

      It's not even self executing though. They're just using right-to-left UTF-8 to make "gpj.abc.exe" appear as "exe.cba.jpg", you can do this on most platforms too...

      • Yes, but that is a security problem. Sanitize your links and deactivate them, if you must...

        • Re: (Score:2)

          by Ash-Fox ( 726320 )

          These aren't links though? These are files being sent over Telegram.

          These are filenames. Literally, I can create files following this convention that exist that way on the Windows and Linux desktop. This is a "feature" of UTF-8.
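The filename trick described in the comments above relies on Unicode bidirectional control characters such as RIGHT-TO-LEFT OVERRIDE (U+202E). As an added example (not part of the original thread, and not Telegram's or Kaspersky's code), here is a receiver-side check that makes those characters visible and reports the extension the operating system will actually use. The sample filename and the executable-extension list are constructed assumptions.

```python
import os
import unicodedata

# Bidi classes of the embedding, override and isolate controls that can
# reorder how a string is rendered without changing how it is stored.
REORDERING_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

# Assumed policy list of extensions to treat as executable (not from the page).
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".bat", ".cmd", ".com", ".pif"}

# Constructed sample: stored as "holiday_<RLO>gpj.exe"; a bidi-aware UI
# renders the part after the override reversed, i.e. "holiday_exe.jpg".
SAMPLE = "holiday_\u202egpj.exe"


def is_reordering_control(ch):
    """True for characters that change the display order of their neighbours."""
    return unicodedata.bidirectional(ch) in REORDERING_CLASSES


def inspect_filename(name):
    """Report what a filename really is, independent of how it renders."""
    controls = [ch for ch in name if is_reordering_control(ch)]
    # Replace each control with a visible marker so the stored (logical)
    # order can be shown to the user or written to a log safely.
    visible = "".join(
        f"<U+{ord(ch):04X}>" if is_reordering_control(ch) else ch for ch in name
    )
    # The OS picks the handler from the stored order, so take the extension
    # from the raw name rather than from what is drawn on screen.
    ext = os.path.splitext(name)[1].lower()
    return {
        "bidi_controls": [unicodedata.name(ch) for ch in controls],
        "visible_name": visible,
        "real_extension": ext,
        "executable": ext in EXECUTABLE_EXTS,
        # Policy assumption: legitimate attachments do not need these
        # controls in their names, so any occurrence is rejected.
        "reject": bool(controls),
    }


if __name__ == "__main__":
    for candidate in (SAMPLE, "holiday.jpg"):
        print(inspect_filename(candidate))
```
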

  • This is really becoming a serious concern. We are talking about the bugs that have been discovered. We don't know how many other apps are doing it too silently.

