Slashdot Mirror


Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining (bloomberg.com)

According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."

42 comments

  1. Treat illicit mining like counterfeiting by Anonymous Coward · · Score: 0

    And invalidate the coins. Mining is bad enough for the environment without the unauthorized mining on top of it.

    1. Re:Treat illicit mining like counterfeiting by Anonymous Coward · · Score: 0

      Nice troll, but I'm sure you're aware there's no way to tell the difference between "illicit" mining and "legitimate" mining.

      Furthermore, any attempt to ban "disliked" coins will result in a complete loss of faith in the coin: the average Joe will always worry that the majority will suddenly decide to ban his coins through no fault of his own, because they could have passed through the hands of a "dirty" actor in some previous transaction. When e-coins are seen as a bigger risk than gambling, Joe will take his investment dollars elsewhere.

      But you knew that, and you just want to see all ponzi-coins go down in flames, right?

    2. Re:Treat illicit mining like counterfeiting by tripleevenfall · · Score: 1

      Er... they already are tantamount to gambling in the eyes of the Average Joe

  2. Something better than mining by Anonymous Coward · · Score: 0

    is sucking my DAMN balls, which is also environmentally friendly

  3. Sweet by dohzer · · Score: 1

    Sweet! What's Telegram?

    1. Re:Sweet by drinkypoo · · Score: 1

      Sweet! What's Telegram?

      Same problem here. I thought they must be referring to a literal telegram. Whoever picked the name "telegram" for their company must have really thought they were slick when they got it, but it only makes them look like a relic from the 1800s.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Sweet by Ungrounded Lightning · · Score: 1

      Names of old pantheon gods got used up.
      Decent and decently-short acronyms got used up.
      Recursive acronyms got used up.
      Puns got used up.
      We're now stuck with arbitrary word-thing pairing.

      We've been there since about the large-scale adoption of linux. Or haven't you noticed the arbitrary naming of major open source applications?

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    3. Re:Sweet by Anonymous Coward · · Score: 0

      Because we can't just invent names?!
      Haven't heard of kids being named "ABCDE", or "Absidee"?

      Why not call the messenger program "WhippyJippyGoo"? Just invent something.

  4. I guess Kaspersky really doesn't care about the US by guruevi · · Score: 2

    If you can backdoor cryptomining into a "secure messaging" service, you can backdoor pretty much everything. I'm sure that any US-based service has similar "bugs". How hard is it to create an application that communicates with a web service without the requirement to run random code? Why is there even a code interpreter in a "secure messaging app"?

    Give me my IRC and PGP, at least I can read through and guarantee the code is clear in a matter of hours.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  5. Why by Anonymous Coward · · Score: 0

    Why would any American ever use a Kaspersky product ever again?

    1. Re:Why by Anonymous Coward · · Score: 0

      Why would anyone on earth ever use an American security program? If it falls under US law it's automatically compromised and biased towards US interests. (The US is no better than a fascist dictatorship; if you know US "security laws" then you know you have 0.0% safety from the US government.)

    2. Re:Why by Anonymous Coward · · Score: 0

      Alternate question: Why would anyone vote for Trump?

      Answer: The same people will continue to do both, for the same reason. I'll let you figure out the reason.

    3. Re:Why by AHuxley · · Score: 1

      AC to help save computer users from the next Stuxnet, Flame, Equation Group.
      https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Why by Rockoon · · Score: 1

      Alternate question: Why would anyone vote for Trump?

      Because the most unelectable politician possible rigged her primary while getting the press to pied piper a gameshow host that was even more unelectable, only to have to murder a big fan of the person she screwed out of the primary because as a party employee he copied the emails from the party email system and gave them to wikileaks, an organization that still has never had to retract anything, delivering proof to the people that she was even worse than they had already thought rigging her primary, getting debate questions before the debates, and draining the rest of the party completely dry of the funds needed to win elections across the board, all the while telling the public that you have to vote for #her.

      Clearly the proper response is McCarthyism.

      --
      "His name was James Damore."
  6. Re:I guess Kaspersky really doesn't care about the by Anonymous Coward · · Score: 0

    Exactly. All these apps have evil long-term agendas and they all share data with each other. They were preparing for a War of the Worlds-style surprise attack. But without a true Linux smartphone, we're all being monitored and spied on at the lowest levels of the device. There's no escape. It's a rigged game. It will require revolution to break out of.

  7. opencl miner by Anonymous Coward · · Score: 0

    https://www.virustotal.com/#/file/ec13bf5c1a8d31aa3bc353ac45a182cbbef272d27d5ad76490aefd81230bbd6e/detection
    This OpenCL-based miner was not detected by Kaspersky until I submitted it to them.
    It was called "precomp.exe" and resided in %appdata%\users\origin

    Funny enough, they knew of the file's existence and it was marked as safe, due to a common file name (and not hash, ffs).
    Saw some threads about a similar miner appearing in the WinRAR appdata folder, lmao.

    Kaspersky must step their game up - if not in full screen and GPU usage >99% for more than 5 minutes, issue a red alert, ffs.
    I can do this with wmic or PowerShell in one line; why doesn't the top-tier AV have this?

    BTW, the other Russian Dr.Web software DETECTS IT.

    I basically helped Kasper by submitting it to them and telling them it is not trustworthy.

  8. Re:I guess Kaspersky really doesn't care about the by Anonymous Coward · · Score: 0

    This was the desktop app though, not the phone app. More information would certainly be helpful here. If I have Telegram installed on my GNU/Linux system and they can mine crypto with it does that also mean they have access to my PC? Or is this more like a javascript miner that is being permitted to run, but can't really do any harm?

  9. Zero Day? Not so sure. Affects stupid people only. by Anonymous Coward · · Score: 0

    I read the details of the vulnerability and it basically makes it such that you think you are opening a file that isn't executable. When you click to open what you think is an image file you are warned about the fact you are about to execute a potentially dangerous file. This appears to only impact Microsoft Windows users in practice. I can't see how it would impact GNU/Linux users. Even stupid GNU/Linux users (yes, they exist).

  10. What is "Telegram"? by Anonymous Coward · · Score: 0

    I first thought of Björk's remix album. Apparently it is a messaging app, after all.

  11. Re:I guess Kaspersky really doesn't care about the by Anonymous Coward · · Score: 0

    More information would certainly be helpful here. If I have Telegram installed on my GNU/Linux system and they can mine crypto with it does that also mean they have access to my PC? Or is this more like a javascript miner that is being permitted to run, but can't really do any harm?

    "Being tricked into downloading" means people have to click a link in a text message, and generally execute it themselves afterward. It is a tiny little bit more advanced than that, using a right-to-left character to apparently reverse the entire filename, extension included, so it could possibly help fool more people, but if you're on Slashdot, on GNU/Linux (and you're writing it "GNU/Linux"), it ought to take more than that to get to you... (well, unless you're one of those geeks, who drink alcohol, take drugs, and/or get all click happy when people send them "exe.cuting.all.your.desires.see.me.naked.mp4", "exe.cutive.secretary.candid.shot.jpg", "exe.cuted.dude.gore.mp4", or "hs.kq6xi.the.meme.to.end.all.memes.webm" links, and actually execute those directly in some way or another...).

  12. Since when is Telegram a Kaspersky product? by _merlin · · Score: 1

    Kaspersky is disclosing a flaw their security researchers found in Telegram, which is not a Kaspersky product. The Telegram client code is open source, but that apparently hasn't stopped stupidity making it into the desktop client.

  13. GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

    They may have 'hardened' their cryptographic algorithms, but the problem here is clearly that most GUI-libraries are not. :-(

    1. Re:GUI-lib developers rarely keep security in mind by Ash-Fox · · Score: 1

      It's not even self executing though. They're just using right-to-left UTF-8 to make "gpj.abc.exe" appear as "exe.cba.jpg", you can do this on most platforms too...

      --
      Change is certain; progress is not obligatory.
    2. Re:GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

      Yes, but that is a security problem. Sanitize your links and deactivate them, if you must...

    3. Re:GUI-lib developers rarely keep security in mind by Ash-Fox · · Score: 1

      These aren't links though? These are files being sent over Telegram.

      These are filenames. Literally, I can create files following this convention that exist that way on the Windows and Linux desktop. This is a "feature" of UTF-8.

      --
      Change is certain; progress is not obligatory.
    4. Re:GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

      There's nothing wrong with that feature. If you happen to be left-handed, you might even prefer Arabic. ;-)
      If you are receiving an executable that way, there should be a warning. Better even, it should be renamed for safety. Just add an '_disabled_this_executable_' post(/pre)fix. Not everybody is into computers. Most malware spreads by people downloading and clicking on it. Sometimes this takes out entire hospitals. Therefore, you have to keep this in mind when designing software. You can always have an option to enable executables, if it bothers too many professionals (which won't be the case here).

    5. Re:GUI-lib developers rarely keep security in mind by Ash-Fox · · Score: 1

      If you are receiving an executable that way, there should be a warning.

      When you launch an executable from Telegram that you've downloaded on Windows, it actually prompts you the normal way Windows does for a downloaded executable in a browser.

      --
      Change is certain; progress is not obligatory.
    6. Re:GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

      Which is known to not be enough (hospitals down, etc.)...

  14. Re:I guess Kaspersky really doesn't care about the by Anonymous Coward · · Score: 0

    You seem to have read neither pgp nor irc client/server source code...

  15. Re:I guess Kaspersky really doesn't care about the by Ash-Fox · · Score: 1

    Why is there even a code interpreter in a "secure messaging app"?

    I don't know what you're talking about? The vulnerability is using UTF-8 characters to make a filename use right-to-left, so "gpj.abc.exe" appears as "exe.cba.jpg". This works on other platforms too.

    Give me my IRC and PGP

    It works on IRC and PGP too.

    --
    Change is certain; progress is not obligatory.
  16. Re:I guess Kaspersky really doesn't care about the by Anonymous Coward · · Score: 0

    I have never seen so much misinformed self-righteousness in a single post.
    Give this man a medal for absolutely having 0 knowledge of how software works.

  17. creepy by dreamygeek · · Score: 1

    This is really becoming a serious concern. We are talking about the bugs that have been discovered. We don't know how many other apps are doing it too silently.

  18. Another attack not prevented by APK's work by Anonymous Coward · · Score: 0

    It seems like we have a story almost every day about some attack that APK's work failed to prevent. As always he will chime in once he finds someone who managed to block it using hosts long after the initial attack happened and claim that his work can stop it now but only if one takes manual intervention. Too bad he has problems parsing English so doesn't realize what was actually said and doesn't seem to understand that his software is a very bad security janitor that tries but fails miserably to clean up the mess. I'm sure we can look forward to misquoted Slashdot users, incorrectly interpreted "experts", lots of name calling, as well as piles of fevered ranting.

  19. Kaspersky is not a reputable security company by Anonymous Coward · · Score: 0

    End of story. Why are they being presented here as anything but suspicious interlopers and unwelcome pests?

  20. Re:I guess Kaspersky really doesn't care about the by guruevi · · Score: 1

    I wrote my own IRC client on an 80286 running DR-DOS.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  21. Re:I guess Kaspersky really doesn't care about the by guruevi · · Score: 1

    The summary and the post it links to imply the Telegram client is executing cryptomining code on its own. Sending a message backwards or forwards is not really an exploit; it's annoying or funny depending on the circumstance. But where is the option to send, link to or execute code?

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  22. Re:I guess Kaspersky really doesn't care about the by Ash-Fox · · Score: 1

    The summary and post it links to implies the Telegram client is executing cryptomining code on its own.

    From the summary:

    Kaspersky said on its website that users were tricked into downloading malicious software onto their computers

    From the article:

    Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine.

    From Kaspersky:

    According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for coding languages that are written from right to left, like Arabic or Hebrew. Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images.

    I don't really see it "implying" that the "Telegram client is executing cryptomining code on its own" ?

    --
    Change is certain; progress is not obligatory.
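    The RLO trick quoted from Kaspersky above, and the "gpj.abc.exe" shown as "exe.cba.jpg" example from the GUI-lib thread, as an added example that is not part of any comment here and not Telegram's or Kaspersky's code: a small Python check that a client or download gateway could run on every incoming filename. It approximates how a bidi-aware UI renders the name, flags names whose displayed extension differs from the real one, and saves executables under the '_disabled_this_executable_' prefix proposed in this thread. The executable-extension list, the rendering simplification and the sample filenames are assumptions constructed for the example.

```python
import os

# Unicode bidirectional control characters. U+202E (RLO) is the one the
# Kaspersky write-up describes; the others can also reorder or hide text.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF", "\u202D": "LRO",
    "\u202E": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200E": "LRM", "\u200F": "RLM",
}

# Extensions a desktop client should treat as executable. Assumed list for
# this example, not Telegram's own; extend it per platform.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi",
    ".js", ".jse", ".vbs", ".wsf", ".ps1", ".hta",
}

# Prefix suggested in the thread for neutralising received executables.
DISABLED_MARKER = "_disabled_this_executable_"


def rendered_name(name: str) -> str:
    """Approximate what a bidi-aware UI displays for `name`.

    Simplification of the Unicode Bidirectional Algorithm that is enough
    for the RLO trick: text after U+202E is shown reversed until a U+202C
    (PDF) or the end of the string; other controls are invisible.
    """
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            end = name.find("\u202C", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def strip_bidi_controls(name: str) -> str:
    """Remove every bidi control so the displayed name matches the real one."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def analyze_filename(name: str) -> dict:
    """Compare the extension the user would see with the real extension."""
    controls = [BIDI_CONTROLS[ch] for ch in name if ch in BIDI_CONTROLS]
    real = strip_bidi_controls(name)
    shown = rendered_name(name)
    real_ext = os.path.splitext(real)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    spoofed = bool(controls) and shown_ext != real_ext
    return {
        "real_name": real,
        "shown_name": shown,
        "real_extension": real_ext,
        "shown_extension": shown_ext,
        "bidi_controls": controls,
        "extension_spoofed": spoofed,
        # The case worth a red alert: a disguised executable.
        "suspicious": spoofed and real_ext in EXECUTABLE_EXTENSIONS,
    }


def safe_download_name(name: str) -> str:
    """Name to save an incoming file under: controls removed, executables
    prefixed with the marker so a double-click does not launch them."""
    clean = strip_bidi_controls(name)
    if os.path.splitext(clean)[1].lower() in EXECUTABLE_EXTENSIONS:
        return DISABLED_MARKER + clean
    return clean


if __name__ == "__main__":
    # Constructed sample filenames, not taken from any real campaign.
    samples = [
        "\u202Egpj.abc.exe",          # the thread's example: shows as exe.cba.jpg
        "photo_high_re\u202Egnp.js",  # shows as photo_high_resj.png
        "holiday.jpg",                # benign
    ]
    for s in samples:
        r = analyze_filename(s)
        print(f"shown={r['shown_name']!r} real={r['real_name']!r} "
              f"suspicious={r['suspicious']} save_as={safe_download_name(s)!r}")
```

    The check deliberately flags any bidi control in a filename as extension spoofing and reserves "suspicious" for the case where the hidden extension is executable; a gateway would typically log the first and block or rename the second. Real rendering engines apply the full bidi algorithm, so treat `rendered_name` as a predictor of the common case, not an exact replica of every file manager.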
  23. Re:I guess Kaspersky really doesn't care about the by guruevi · · Score: 1

    It says "Telegram Flaw Used For Cryptocurrency Mining", which implies that Telegram has a flaw that allows the clients to mine for cryptocurrency without the users' consent.

    Being able to screw around with text and fonts and sending someone a link isn't really an "exploit". There are hundreds of URL shorteners that will do that for you. If the user clicks, downloads and then chmod +x an executable (whatever the Windows equivalent is) then that's a problem with the user.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  24. So are stocks, bonds, and commodities. by Ungrounded Lightning · · Score: 1

    Er... [crypto-currency coins are] already are tantamount to gambling in the eyes of the Average Joe

    So are the stocks, bonds, and (other) commodities. So is insurance. So what?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  25. Most of Telegram's battery usage just comes from . by Anonymous Coward · · Score: 0

    not using Google's push servers, and permanently trying to keep the connection to its own, even when that is currently not possible.

    If you have wifi and mobile data off, turn off Telegram. With just that, I went from 2.5 to 3.5 days of battery life with my phone. (Blackview BV6000.)

  26. Re:I guess Kaspersky really doesn't care about the by Anonymous Coward · · Score: 0

    Have you tried reading gpg's code? The code style is so outdated that it's practically foreign (gotos anyone?). It's quite logical once you get used to it but, to someone unfamiliar with the codebase, it's not something they can dip into and vet in a couple of hours.

    If I remember correctly there's a custom type defined to handle private keys so that sensitive data is not stored contiguously in RAM.

  27. My work blocks this just fine - does yours? by Anonymous Coward · · Score: 0

    See subject & answer that question. You CLAIM you write 'real securityware' & that I'd 'shit my pants if I knew who you are' (well, I don't see SHIT from you on either account)

    * All you do is constantly stalk or harass me behind UNIDENTIFIABLE anonymous posts so I can't know WHO you are but I know WHAT you are - a punk "ne'er-do-well" DO-NOTHING ZERO 'jealous jowie' & nothing more.

    APK

    P.S.=> See subject & proof hosts work vs. this threat:

    0.0.0.0 url.plus
    0.0.0.0 vodafoneinfinity.sytes.net
    0.0.0.0 sytes.net
    0.0.0.0 windupdate.serveftp.com
    0.0.0.0 119.network

    Each placed into a hosts file blocks this threat & my hosts file already had that data so YOU ARE DEAD WRONG, lol... apk