Telegram Users Hacked To Mine XMR and ZCash Crypto Coins
In an ironic twist, the privacy-centred instant messaging app Telegram has taken a blow to its reputation. Hackers were able to utilize some of Telegram’s userbase to secretly mine both Monero and Zcash, as revealed by the security firm Kaspersky Labs.
Not as Secure as Expected
As per the global cybersecurity and anti-virus provider vendor Kaspersky lab, attackers managed to leverage a loophole in Telegram’s desktop app, which allowed attackers to take control of Telegram’s userbase and mine profitable cryptocurrencies.
Since March of 2017, hackers have been using implanted malware that exploits what researchers are calling a “zero-day” vulnerability in the telegram desktop application. This has allowed attackers access via a backdoor to deliver a payload of secret mining software.
In order to get around its users anti-virus programs and firewalls, the attackers employed a hidden Unicode character that was able to rename the files that users downloaded. Instead of downloading the intended file, the Unicode character would change the name of the file upon downloading, which then loaded the malware payload to their computers.
Kaspersky Lab reported the vulnerability to Telegram as soon as they confirmed the source of the malware. At the time of writing this article, the vulnerability appears to have been removed from Telegram’s suite of products.
Despite this critical blow to Telegram’s integrity and reputation, the Telegram website continues to claim that its messages are heavily encrypted and that they can self-destruct at any moment. Ironically, the website also states that its platform is safe from hacker attackers.
And despite being an instant messaging platform that was built for private communication, Kaspersky labs still recommends users to refrain from sharing or posting sensitive personal information about one’s self in instant messengers, and to never click on links from untrustworthy sources.
Extra Bad Bews for Telegram’s ICO
The latest news posted by Kaspersky Labs probably won’t do the platform any favours for its world record-seeking initial coin offering.
Telegram’s ambition is to make a mainstream payment system available on their system. The problem is that a handful of important investors have declined to help Telegram reach its $2 billion dollar target, with a lack of technical know-how being the most cited reason.
Unfortunately for Telegram, investors can now add a lack of trust and transparency to that list as well.
Although Telegram claims to have fixed the situation, it is going to be hard for the platform to recover from such negative press. Any platform that suffers a zero-day and malware attack will come under siege from the press and security experts, but Telegram is meant to be the most secure and trustworthy messaging app of all.
The fact that Telegram allowed its application to be used by cryptocurrency miners and install additional spyware could prompt future investors to think the same thing, all of which spells terribly bad news for Telegram’s initial coin offering.