
Hackers Exploit ‘Telegram Messenger’ Zero-Day Flaw to Spread Malware


A zero-day vulnerability has been discovered in the desktop version of the end-to-end encrypted Telegram messaging app that was being exploited in the wild to spread malware that mines cryptocurrencies such as Monero and ZCash.

The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software.

The flaw has been actively exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs, which then used their CPU power to mine cryptocurrencies or served as a backdoor allowing attackers to remotely control the affected machine, according to a blogpost on Securelist.

Here’s How Telegram Vulnerability Works

The vulnerability resides in the way the Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), a bidirectional control character used to display text in languages that are written from right to left, like Arabic or Hebrew.

According to Kaspersky Lab, the malware creators placed a hidden RLO Unicode character in the file name, which reversed the display order of the characters following it and thus effectively disguised the file's name, and sent the file to Telegram users.

For example, when an attacker sends a file named “photo_high_re*U+202E*gnp.js” in a message to a Telegram user, the file name is rendered on the user’s screen with the last part flipped.

Therefore, the Telegram user sees an incoming PNG image file (as shown in the below image) instead of a JavaScript file, misleading them into downloading the malicious file disguised as an image.
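To make the trick concrete from the defender's side, here is an added example (not code from the article or from Kaspersky) that shows what a name like the one above looks like on screen versus the extension the operating system actually uses, and flags such names for a download filter. The rendering function is a deliberate simplification of the Unicode bidirectional algorithm: it assumes everything after the first U+202E (up to a U+202C pop, if any) is drawn reversed, which is enough to reproduce the case described here.

```python
# Unicode bidirectional formatting characters that can reorder or hide the
# displayed text of a file name. U+202E (RLO) is the one used in the Telegram case.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(name: str) -> list:
    """Return (index, abbreviation) for every bidi control character in a file name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def displayed_name(name: str) -> str:
    """Approximate what a renderer shows for a name containing U+202E.

    Simplification (assumption): the run after the first RLO, up to a PDF
    (U+202C) if present, is drawn reversed. Not the full Unicode bidi algorithm.
    """
    rlo = name.find("\u202e")
    if rlo == -1:
        return name
    head, tail = name[:rlo], name[rlo + 1:]
    pdf = tail.find("\u202c")
    if pdf == -1:
        return head + tail[::-1]
    return head + tail[:pdf][::-1] + tail[pdf + 1:]


def real_extension(name: str) -> str:
    """Extension the OS actually uses: drop bidi controls, then take the suffix."""
    clean = "".join(c for c in name if c not in BIDI_CONTROLS)
    dot = clean.rfind(".")
    return clean[dot:].lower() if dot != -1 else ""


def is_suspicious(name: str) -> bool:
    """Flag a name that carries a bidi control AND whose displayed extension
    differs from its real one, i.e. the disguise pattern described above."""
    if not find_bidi_controls(name):
        return False
    shown = real_extension(displayed_name(name))  # what the recipient believes
    return shown != real_extension(name)


if __name__ == "__main__":
    # Constructed sample: the name pattern from the article, with a real RLO.
    for sample in ["photo_high_re\u202egnp.js", "photo_high_res.png"]:
        print(repr(sample), "->", displayed_name(sample),
              "| real ext:", real_extension(sample), "| flagged:", is_suspicious(sample))
```

A mail or chat gateway can apply `is_suspicious` to attachment names; rejecting or renaming any file whose name contains a character from `BIDI_CONTROLS` is the simpler and stricter policy.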

“As a result, users downloaded hidden malware which was then installed on their computers,” Kaspersky says in its press release published today.

Kaspersky Lab reported the vulnerability to Telegram, and the company has since patched it in its products; as the Russian security firm put it: “at the time of publication, the zero-day flaw has not since been observed in messenger’s products.”

Hackers Used Telegram to Infect PCs with Cryptocurrency Miners


During the analysis, Kaspersky researchers found several scenarios of zero-day exploitation in the wild by threat actors. Primarily, the flaw was actively exploited to deliver cryptocurrency mining malware, which uses the victim’s PC computing power to mine different types of cryptocurrency including Monero, Zcash, Fantomcoin, and others.

While analyzing the attackers’ servers, the researchers also found archives containing Telegram’s local cache that had been stolen from victims.

In another case, cybercriminals successfully exploited the vulnerability to install a backdoor trojan that used the Telegram API as a command and control protocol, allowing hackers to gain remote access to the victim’s computer.

“After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools,” the firm added.

Firsh believes the zero-day vulnerability was exploited only by Russian cybercriminals, as “all the exploitation cases that [the researchers] detected occurring in Russia,” and a lot of artifacts pointed towards Russian cybercriminals.

The best way to protect yourself from such attacks is not to download or open files from unknown or untrusted sources.

The security firm also recommended that users avoid sharing any sensitive personal information in messaging apps and make sure to have good antivirus software from a reliable company installed on their systems.

Telegram Agrees to Register With Russia to Avoid Ban, But Won’t Share User Data


After being threatened with a ban in Russia, the end-to-end encrypted Telegram messaging app has finally agreed to register under the new Russian Data Protection Laws, but its founder has assured that the company will not share users’ confidential data at any cost.

Russia’s communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors.

The Russian government requirement came following the terrorist suicide bombing that killed 15 people in Saint Petersburg in April, in which the attackers allegedly used the Telegram app to communicate and plot the attack.

“There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram,” said Alexander Zharov, head of Roskomnadzor. 

“And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information.”

Telegram CEO Pavel Durov had refused to comply with the country’s requirements because he feared it would weaken the privacy of its more than 6 million Russian users.

Telegram: No Confidential Data of Users will be Shared

However, after facing pressure from the government, Durov agreed on Wednesday to register with the Russian government only, stressing that the company would not store citizens’ information on Russian servers.

The Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) announced on Wednesday that Telegram had finally provided all the required information.

Roskomnadzor is a federal executive body in Russia responsible for overseeing the media, including the electronic media, mass communications, information technology and telecommunications; organizing the work of the radio-frequency service; and overseeing compliance with the law protecting the confidentiality of its users’ personal data.

Durov announced his decision via VK.com, the Russian equivalent of Facebook, adding that while he is happy for Telegram to be formally registered in Russia, nothing that violates users’ privacy will be handed over: only basic information about the company will be shared.

“We will not comply with unconstitutional and technically impossible Yarovaya Package laws—as well as with other laws incompatible with the protection of privacy and Telegram’s privacy policy,” Durov said.

Telegram is an end-to-end encrypted messaging app, but unlike WhatsApp, Telegram does not enable end-to-end encryption for its users by default. Rather, users need to open Secret Chats to communicate securely.

How to Communicate Securely with Telegram 

If you are communicating with people on Telegram thinking that your regular chats are end-to-end encrypted, you are mistaken, because those chats will be stored in plain text on Russian servers, making it possible for the government to request them with a court order when required.

So, always make sure that you communicate with people on Telegram using its encrypted chat feature. Here’s how to start an end-to-end encrypted chat on Telegram:

  • Open the Telegram app
  • Select the contact you want to communicate with
  • Click on his/her name
  • Select ‘Start Secret Chat’ (highlighted in green)
  • A new, secure chat window will open, where you can communicate securely.

You can also enable other security features offered by Telegram.

These features include Two-Step Verification, which lets you set an additional passcode for your Telegram account that is also required to log in, and Self-Destruct Secret Chats, which lets your messages self-destruct after a specified time (between 1 second and 1 week), leaving no trace on Telegram servers.

Powered by WPeMatico

Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists


Russia has threatened to ban the Telegram end-to-end encrypted messaging app after Pavel Durov, its founder, refused to sign up to the country’s new data protection laws.

Russia’s FSB intelligence service said on Monday that the terrorists who killed 15 people in Saint Petersburg in April had used the Telegram encrypted messaging service to plot the attacks.

According to the new Russian Data Protection Laws, since January 1 all foreign tech companies have been required to store the past six months of Russian citizens’ personal data, along with encryption keys, within the country, and to share them with the authorities on demand.

“There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram,” said Alexander Zharov, head of the state communications regulator Roskomnadzor.

“And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information.”

Russia wants Telegram to share its users’ chats and crypto keys if asked, as the encrypted messaging app has become widely popular among terrorists operating inside Russia.

Founder Pavel Durov said on Twitter that intelligence agencies had pressured the company to weaken its encryption or install a backdoor.

So far, Telegram has refused to comply with the requirements in order to protect the privacy of its more than 6 million Russian users.

In November last year, LinkedIn, the world’s largest online professional network, was also banned in Russia for not complying with the country’s data protection laws.
