Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining (bloomberg.com)

Posted by BeauHD on from the crypto-mining dept.

According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."

22 of 42 comments (clear)

  1. Sweet by dohzer · · Score: 1

    Sweet! What's Telegram?

    1. Re:Sweet by drinkypoo · · Score: 1

      Sweet! What's Telegram?

      Same problem here. I thought they must be referring to a literal telegram. Whoever picked the name "telegram" for their company must have really thought they were slick when they got it, but it only makes them look like a relic from the 1800s.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Sweet by Ungrounded+Lightning · · Score: 1

      Names of old pantheon gods got used up.
      Decent and decently-short acronyms got used up.
      Recursive acronyms got used up.
      Puns got used up.
      We're now stuck with arbitrary word-thing pairing.

      We've been there since about the large-scale adoption of linux. Or haven't you noticed the arbitrary naming of major open source applications?

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  2. I guess Kaspersky really doesn't care about the US by guruevi · · Score: 2

    If you can backdoor cryptomining into a "secure messaging" service, you can backdoor pretty much everything. I'm sure that any US-based service has similar "bugs". How hard is it to create an application that communicates with a web service without the requirement to run random code? Why is there even a code interpreter in a "secure messaging app"?

    Give me my IRC and PGP, at least I can read through and guarantee the code is clear in a matter of hours.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  3. Re:Why by AHuxley · · Score: 1

    AC to help save computer users from the next Stuxnet, Flame, Equation Group.
    https://en.wikipedia.org/wiki/...

    --
    Domestic spying is now "Benign Information Gathering"
  4. Re:Why by Rockoon · · Score: 1

    Alternate question: Why would anyone vote for Trump?

    Because the most unelectable politician possible rigged her primary while getting the press to pied piper a gameshow host that was even more unelectable, only to have to murder a big fan of the person she screwed out of the primary because as a party employee he copied the emails from the party email system and gave them to wikileaks, an organization that still has never had to retract anything, delivering proof to the people that she was even worse than they had already thought rigging her primary, getting debate questions before the debates, and draining the rest of the party completely dry of the funds needed to win elections across the board, all the while telling the public that you have to vote for #her.

    Clearly the proper response is McCarthyism.

    --
    "His name was James Damore."
  5. Since when is Telegram a Kaspersky product? by _merlin · · Score: 1

    Kaspersky is disclosing a flaw their security researchers found in Telegram, which is not a Kaspersky product. The Telegram client code is open source, but that apparently hasn't stopped stupidity making it into the desktop client.

  6. GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

    They may have 'hardened' their cryptographic algorithms, but the problem here is clearly that most GUI-libraries are not. :-(

    1. Re:GUI-lib developers rarely keep security in mind by Ash-Fox · · Score: 1

      It's not even self executing though. They're just using right-to-left UTF-8 to make "gpj.abc.exe" appear as "exe.cba.jpg", you can do this on most platforms too...

      --
      Change is certain; progress is not obligatory.
    2. Re:GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

      Yes, but that is a security problem. Sanitize your links and deactivate them, if you must...

    3. Re:GUI-lib developers rarely keep security in mind by Ash-Fox · · Score: 1

      These aren't links though? These are files being sent over Telegram.

      These are filenames. Literally, I can create files following this convention that exist that way on the Windows and Linux desktop. This is a "feature" of UTF-8.

      --
      Change is certain; progress is not obligatory.
    4. Re:GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

      There's nothing wrong with that feature. If you happen to be left-handed, you might even prefer Arabic. ;-)
      If you are receiving an executable that way, there should be a warning. Better even, it should be renamed for safety. Just add an '_disabled_this_executable_' post(/pre)fix. Not everybody is into computers. Most Malware spreads by people downloading and clicking on it. Sometimes this takes out entire hospitals. Therefore, you have to keep this in mind when designing software. You can always have an option to enable executables, if it bothers too many professionals (which won't be the case here).

    5. Re:GUI-lib developers rarely keep security in mind by Ash-Fox · · Score: 1

      If you are receiving an executable that way, there should be a warning.

      When you launch an executable from Telegram that you've downloaded on Windows, it actually prompts you the normal way Windows does for a downloaded executable in a browser.

      --
      Change is certain; progress is not obligatory.
    6. Re:GUI-lib developers rarely keep security in mind by xxxLCxxx · · Score: 1

      Which is known to not be enough (hospitals down, etc.)...

  7. Re:I guess Kaspersky really doesn't care about the by Ash-Fox · · Score: 1

    Why is there even a code interpreter in a "secure messaging app"?

    I don't know what you're talking about? The vulnerability is using UTF-8 characters to make a filename use right-to-left, so "gpj.abc.exe" appears as "exe.cba.jpg". This works on other platforms too.

    Give me my IRC and PGP

    It works on IRC and PGP too.

    --
    Change is certain; progress is not obligatory.
  8. creepy by dreamygeek · · Score: 1

    This is really becoming a serious concern. We are talking about the bugs that have been discovered. We don't know how many other apps are doing it too silently.

  9. Re:Treat illicit mining like counterfeiting by tripleevenfall · · Score: 1

    Er... they already are tantamount to gambling in the eyes of the Average Joe

  10. Re:I guess Kaspersky really doesn't care about the by guruevi · · Score: 1

    I wrote my own IRC client on a 80286 running DR-DOS.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  11. Re:I guess Kaspersky really doesn't care about the by guruevi · · Score: 1

    The summary and post it links to implies the Telegram client is executing cryptomining code on its own. Sending a message backwards or forwards is not really an exploit, it's annoying or funny depending on the circumstance. But where is the option to send, link to or execute code?

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  12. Re:I guess Kaspersky really doesn't care about the by Ash-Fox · · Score: 1

    The summary and post it links to implies the Telegram client is executing cryptomining code on its own.

    From the summary:

    Kaspersky said on its website that users were tricked into downloading malicious software onto their computers

    From the article:

    Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine.

    From Kaspersky:

    According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for coding languages that are written from right to left, like Arabic or Hebrew. Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images.

    I don't really see it "implying" that the "Telegram client is executing cryptomining code on its own" ?

    --
    Change is certain; progress is not obligatory.
  13. Re:I guess Kaspersky really doesn't care about the by guruevi · · Score: 1

    It says "Telegram Flaw Used For Cryptocurrency Mining" implies that Telegram has a flaw that allows the clients to mine for cryptocurrency without the users' consent.

    Being able to screw around with text and fonts and sending someone a link isn't really an "exploit". There are hundreds of URL shorteners that will do that for you. If the user clicks, downloads and then chmod +x an executable (whatever the Windows equivalent is) then that's a problem with the user.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  14. So are stocks, bonds, and commodities. by Ungrounded+Lightning · · Score: 1

    Er... [crypto-currency coins are] already are tantamount to gambling in the eyes of the Average Joe

    So are the stocks, bonds, and (other) commodities. So is insurance. So what?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way