Telegram has been in hot waters lately. It was recently reported that the Telegram app was removed from the App Store for facilitating the distribution of disturbing content like child pornography. Now, a fresh report from renowned cybersecurity firm, Kaspersky Lab, has revealed that a vulnerability in Telegram’s desktop app was exploited by cybercriminals to seed malware and mine cryptocurrency for months.
According to a detailed security report by Kaspersky Lab, Russian cybercriminals have been exploiting a vulnerability in the Telegram app’s Windows client to install crypto jacking malware and spyware on users’ systems since March 2017. The flaw was spotted by Kaspersky Lab’s cybersecurity experts in October, which means users have been falling prey to the exploit for months.
According to Kaspersky Lab’s report, the cybercriminals leveraged the exploit to mine cryptocurrencies like Monero, Zcash, and Fantomcoin. After being notified of the critical vulnerability, Telegram fixed the flaw, and no such incidents have been reported after that.
On the other hands, Telegram’s founder Pavel Durov has downplayed Kaspersky Lab’s report, stating that the cybersecurity firm’s finding was not a real vulnerability on Telegram’s desktop app. “As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media.”, he added, further assuring that as long as users haven’t downloaded a malicious file, they’re safe.