Bloomberg reported Tuesday that Telegram remains among the more popular messaging hubs tied to cryptocurrency stakeholders. The security firm said that users had been duped, mistakenly downloading malicious software that then “used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine.” Kaspersky had found archives that had Telegraph data that had also been pilfered.
Pavel Durov started Telegram five years ago, and has sought to build the reputation that the messaging app is a secure one, that is encrypted and thus hard to crack. Telegram is also looking to raise $2 billion through an initial coin offering.
Kaspersky for its part, said the newswire, “reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger’s products.”
Separately Reuters said that the software that had been used to exploit the vulnerability had been used to target Russian users (the only targets) of Telegram since March of this year. That newswire noted that Telegram is the ninth most popular mobile messaging app in the world and may reach as many as 200 users this quarter, though it should be noted that it was the desktop version of the messaging app that was targeted.
Digging a bit into the details, Reuters said that the malware worked with a feature of Telegram that lets the messaging software recognize text that is read right to left, which includes Arabic and Hebrew. Those exploiting Telegram were able to rename files and install the malware.
The issue was reported to have been fixed, said Reuters.