Telegram has been in hot water lately. It was recently reported that the Telegram app was removed from the App Store for facilitating the distribution of disturbing content such as child pornography. Now, a fresh report from the renowned cybersecurity firm Kaspersky Lab has revealed that a vulnerability in Telegram’s desktop app was exploited by cybercriminals to seed malware and mine cryptocurrency for months.

According to a detailed security report by Kaspersky Lab, Russian cybercriminals have been exploiting a vulnerability in the Telegram app’s Windows client to install cryptojacking malware and spyware on users’ systems since March 2017. The flaw was spotted by Kaspersky Lab’s researchers in October, which means users had been falling prey to the exploit for months.

Telegram Desktop app under scanner

Kaspersky Lab notified Telegram of the zero-day vulnerability, and Telegram fixed it soon afterward. The flaw lay in the way Telegram handled Unicode characters, specifically the control characters used for languages written from right to left, such as Arabic and Persian. The hackers used this property to reverse the order of characters in a filename, sending a JavaScript (.js) file disguised as a PNG image. Once a user downloaded the file and ran the script, it installed cryptojacking malware and spyware and also gave the hackers backdoor access to the unsuspecting user’s system resources.
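As an added illustration of the defensive check this implies (not code from the article or from Kaspersky’s report), the following script flags filenames that carry Unicode bidirectional control characters and compares the extension a user would see with the one the operating system will actually use. It assumes the control character involved is U+202E RIGHT-TO-LEFT OVERRIDE, uses a simplified rendering model, and the sample filenames are constructed.

```python
# Unicode bidirectional control characters that can make a filename display
# differently from how it is actually spelled. U+202E (RLO) is the one a
# right-to-left filename trick relies on; the others are flagged for completeness.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(name: str) -> list[tuple[int, str]]:
    """Return (index, abbreviation) for every bidi control character in the name."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def rendered_name(name: str) -> str:
    """Approximate what a naive renderer shows (simplified model, an assumption):
    text after an RLO is drawn reversed until a PDF or the end of the string."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1          # other controls are invisible; drop them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """Extension the OS actually uses: taken from the stored string, controls removed."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return stripped.rsplit(".", 1)[-1].lower() if "." in stripped else ""


def apparent_extension(name: str) -> str:
    """Extension the user appears to see in the rendered name."""
    shown = rendered_name(name)
    return shown.rsplit(".", 1)[-1].lower() if "." in shown else ""


def is_suspicious(name: str) -> bool:
    """Flag names containing bidi controls or whose shown and real extensions differ."""
    return bool(find_bidi_controls(name)) or apparent_extension(name) != real_extension(name)
```

Run over incoming attachment names, a hit on is_suspicious is a reason to quarantine the file rather than trust the extension shown in the client.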

According to Kaspersky Lab’s report, the cybercriminals leveraged the exploit to mine cryptocurrencies like Monero, Zcash, and Fantomcoin. After being notified of the critical vulnerability, Telegram fixed the flaw, and no such incidents have been reported after that.

On the other hand, Telegram’s founder Pavel Durov has downplayed Kaspersky Lab’s report, stating that the cybersecurity firm’s finding was not a real vulnerability in Telegram’s desktop app. “As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media,” he added, further assuring that as long as users haven’t downloaded a malicious file, they’re safe.