Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users’ computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers’ servers.
Telegram is a popular messaging service. And while its encryption has attracted users whose communications may be less than legal, its popularity has also attracted groups wanting to exploit its many users. Telegram was briefly pulled from Apple’s App Store earlier this month because users were sharing child pornography through it and it has remained a popular mode of communication for members of ISIS despite Telegram’s attempts to prevent it. Last month, Symantec discovered a fraudulent copy of Telegram on Google Play that served users ads as well as another that installed malware onto the systems of those who downloaded it.
Of course, sneaky cryptocurrency mining hijacks are nothing new. Attackers have targeted Android phones, government websites and Showtime’s streaming website, among many others. Kaspersky said it notified Telegram of the issue and it now appears to have been rectified. “The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals,” Kaspersky Malware Analyst Alexey Firsh said in a statement.