Cybercriminals gained remote access to victims' computers and used their processing power to mine cryptocurrency.
A vulnerability has been discovered in the Telegram client for Windows that hackers had used since March 2017 to install spyware and mine cryptocurrencies, Kommersant reported on Tuesday, February 13, citing Kaspersky Lab. At the same time, Telegram's creator Pavel Durov commented skeptically on the antivirus lab's report.
According to Kaspersky Lab, up to 1 thousand people could have fallen victim to the criminals.
Experts said that the vulnerability made it possible to use an RLO (right-to-left override) attack, in which attackers change the order of characters in a file's name and extension. The victim thus downloaded malware disguised as, for example, an image and ran it themselves, not knowing that it was an executable file. This allowed the cybercriminals to gain remote access to victims' computers and use their processing power to mine the cryptocurrencies Monero, Zcash, Fantomcoin and others. In addition, the hackers installed spyware on the computers. On the cybercriminals' server, analysts found archives containing a local Telegram cache that the criminals had taken from victims. Each archive contained, among other things, various user materials from correspondence in encrypted form: documents, audio, video, photos.
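A client or mail gateway can catch the RLO trick described above by checking received file names for Unicode bidirectional control characters and comparing the extension a user sees with the extension the operating system acts on. The Python sketch below is an added example, not code from Kaspersky Lab or Telegram; the function names are hypothetical, the file names are constructed samples, and the rendering is a simplified approximation that models only U+202E.

```python
import os

RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
# Unicode bidirectional controls that can change the order in which text is drawn.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")

def strip_controls(name):
    """Return the name in logical (stored) order with bidi controls removed."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)

def rendered_name(name):
    """Approximate what a UI draws: characters after RLO appear reversed
    until PDF or the end of the string. Other controls are ignored."""
    out, buf, reversing = [], [], False
    for ch in name:
        if ch == RLO:
            reversing = True
        elif ch == PDF:
            out.extend(reversed(buf))
            buf, reversing = [], False
        elif ch in BIDI_CONTROLS:
            continue
        elif reversing:
            buf.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(buf))
    return "".join(out)

def inspect_filename(name):
    """Compare the extension the OS will act on with the one the user sees."""
    controls = [f"U+{ord(ch):04X}" for ch in name if ch in BIDI_CONTROLS]
    real_ext = os.path.splitext(strip_controls(name))[1].lower()
    shown = rendered_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "controls": controls,
        "displayed": shown,
        "real_ext": real_ext,
        "displayed_ext": shown_ext,
        "suspicious": bool(controls) and real_ext != shown_ext,
    }

if __name__ == "__main__":
    # Constructed sample names, not taken from the reported campaign.
    for sample in ["holiday_\u202egnp.exe", "report.pdf"]:
        print(repr(sample), inspect_filename(sample))
```

Showing the output of `strip_controls` instead of the raw name in a download prompt makes the real extension visible to the user.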
"The discovered artifacts suggest a Russian origin of the criminals. Some lines of the malicious code were in Russian, and Russian words and names appeared in the attackers' exposed email addresses," said Kaspersky Lab antivirus expert Alexey Firsh.
All of the attacks were recorded in Russia and only on the Windows client. Kaspersky Lab experts do not rule out that other platforms were also exposed to the vulnerability.
The developers of the Telegram messenger have been notified of the problem, and the vulnerability has already been closed.
At the same time, Telegram's creator Pavel Durov asked that security vendors' reports about vulnerabilities in the messenger be treated with skepticism. He wrote about this in his Telegram channel.
"Reports of antivirus companies should be taken with a grain of salt, as they tend to exaggerate the seriousness of their findings to gain publicity in the media," Durov wrote.
He also drew attention to a post in the Telegram Geeks channel. It says that there was no vulnerability in the messenger and that the hackers installed the spyware by distributing malicious files.
Earlier it was reported that Telegram is launching its own cryptocurrency.
Recall that Durov refused to sell Telegram for $5 billion.