Why Telegram is now ‘dangerous’ for millions of you

A harsh new warning today leaves millions of you exposed, as a new malicious threat uses Telegram to target you with dangerous malware, even if you are not a Telegram user. If you are hit by this cyber attack, you risk data theft, spyware, ransomware and even a complete system takeover. Here’s how to check whether you’re infected.

Last year, Telegram’s Pavel Durov warned that “using WhatsApp is dangerous.” But now that provocative attack has come back to bite. A new security report, released today, warns of a “growing cyber threat where hackers use Telegram, an instant messaging application with over 500 million active users, as a command and control system.”

Durov’s WhatsApp warning focused on hacks of the Facebook-owned messenger itself, where, he said, backdoors had been planted to extract user data. He also warned WhatsApp users about the lack of end-to-end encrypted backups. Those were very targeted, very specific attacks, carried out by sophisticated threat actors.

On a wider scale, the use of messengers to spread malware is not new. Earlier this month, Check Point warned that a malicious Netflix-bypass application on the Google Play Store abused Android’s “notification listener service” to intercept incoming WhatsApp messages on victims’ phones and then automatically reply to those messages with dangerous attachments and malware-related links.

Clearly, Telegram carries the same risk: any messenger can be used to send dangerous messages, attachments and links, and you should always be wary of links and attachments, even when they seem to come from friends. But there are much more serious dangers with Telegram that users’ common sense alone cannot reduce.

Telegram is much more complex than its direct rivals, such as Facebook Messenger, WhatsApp, iMessage and Signal. Its architecture now serves more than 500 million users through a spider web of connected endpoints and its own back-end cloud. It offers seemingly unlimited groups and channels and other sophisticated features, including its own “bot platform”.

As Telegram explains, “Bots are simply Telegram accounts operated by software – not people – and they will often have AI features. They can do anything – teach, play, search, broadcast, remind, connect, integrate with other services, or even pass commands to the Internet of Things.” Unfortunately, that’s not all these bots can do.

Check Point, which also issued this new Telegram warning, says it “tracked 130 cyber attacks using malware managed by attackers via Telegram in the last three months … Even when Telegram is not installed or used, it allows hackers to send malicious commands and operations remotely via the instant messaging application.”

The malware itself does not spread through Telegram, which is why, according to Check Point, it doesn’t matter whether you have it installed or not. The threat reaches users through simple email campaigns. But once the crafted email attachment is opened on the user’s Windows computer, the embedded Telegram bot handles the connections back to the attacker’s command and control server, managing the attack.

As Check Point puts it, “the popularity of Telegram-based malware, in line with the growing use of messaging services around the world,” has become a “growing trend,” and a trend that is getting worse. “Dozens of new types of Telegram-based malware have been found as ‘ready-made’ weapons in GitHub hacking tool repositories.”

Telegram brings several benefits to attackers and their campaigns, primarily that the platform is well known and trusted and will evade many defenses. “Telegram is a legitimate, easy-to-use and stable service that is not blocked by corporate antivirus mechanisms or network management tools,” Check Point says.

In addition, an attacker can easily create a new bot without revealing any identifying data, which makes attribution and interception much harder. Telegram’s installed base is also large and growing fast, allowing attackers to “use their mobile devices to access infected computers from almost any location globally.”

This threat vector is not new. Such use of Telegram bots goes back years. But, as Check Point has now made clear, the problem has not been resolved. “We believe that attackers take advantage of the fact that Telegram is used and allowed in almost all organizations, using this system to carry out cyber attacks, which can circumvent security restrictions,” says Check Point’s Idan Sharabi.

The specific malware that Check Point has identified is “ToxicEye”, a new remote access Trojan, or RAT. This RAT can not only steal data or launch ransomware that locks user files, but can also hijack a computer’s microphone and camera. Windows users can search their systems for “C:\Users\ToxicEye\rat.exe” to check whether they are infected.

If you have this file, you must delete it and, if this is a work machine, seek the advice of your company’s IT support team immediately. If it’s on your home computer, make sure you install and run a high-quality antivirus program as soon as possible.

Sharabi told me that both individuals and organizations are at risk from these Telegram-enabled attacks, suggesting that “Telegram communications may be blocked to protect against this type of threat. Each individual or security administrator should eliminate this threat based on their preferred security policy.”
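The two checks the article describes, looking for the ToxicEye file on disk and spotting bot-style Telegram traffic that an administrator might choose to block, as an added example that is not Check Point’s or Telegram’s code. It assumes the publicly documented Telegram Bot API layout (host api.telegram.org, paths of the form /bot<token>/<method>) and a constructed, space-separated proxy log format; the log lines and the token placeholder are made up for the example.

```python
import re
from pathlib import Path

# Telegram's Bot API is served from api.telegram.org on paths shaped like
# /bot<token>/<method> (public Telegram documentation). A process other than
# the Telegram client talking to that endpoint deserves a look on a network
# where Telegram is not an approved application.
BOT_API_HOST = "api.telegram.org"
BOT_API_PATH = re.compile(r"^/bot[^/]+/(?P<method>[A-Za-z]+)")

# Constructed sample proxy log, not real data. Assumed field layout:
# "<timestamp> <source-ip> <process> <destination-host> <path>"
SAMPLE_LOG = """\
2021-04-22T10:01:03 10.0.0.5 telegram.exe api.telegram.org /bot<token-placeholder>/getUpdates
2021-04-22T10:01:09 10.0.0.7 outlook.exe outlook.office365.com /EWS/Exchange.asmx
2021-04-22T10:01:15 10.0.0.9 rat.exe api.telegram.org /bot<token-placeholder>/getUpdates
2021-04-22T10:02:20 10.0.0.9 rat.exe api.telegram.org /bot<token-placeholder>/sendDocument
"""


def parse_line(line):
    """Split one constructed log line into its fields; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, proc, host, path = parts
    return {"ts": ts, "src": src, "process": proc, "host": host, "path": path}


def flag_bot_api_traffic(log_text, allowed_processes=("telegram.exe",)):
    """Return (source, process, bot-method) for Bot API calls made by any
    process not on the allow-list; the method name (getUpdates, sendDocument)
    tells the analyst whether the bot was polling for commands or uploading."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["host"] != BOT_API_HOST:
            continue
        m = BOT_API_PATH.match(rec["path"])
        if m and rec["process"].lower() not in allowed_processes:
            hits.append((rec["src"], rec["process"], m.group("method")))
    return hits


def toxiceye_indicator_present(users_dir=r"C:\Users"):
    """Check for the file path Check Point cites as the ToxicEye indicator.
    users_dir is overridable so the check can be pointed at a mounted image."""
    return Path(users_dir, "ToxicEye", "rat.exe").exists()


if __name__ == "__main__":
    for src, proc, method in flag_bot_api_traffic(SAMPLE_LOG):
        print(f"bot API call from {src} by {proc}: {method}")
    print("ToxicEye indicator present:", toxiceye_indicator_present())
```

Blocking api.telegram.org at the proxy is the network-level form of the mitigation Sharabi describes; the allow-list lets an organization that permits the Telegram client keep it while still flagging other processes.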

Of course, another critical tip is the same old “don’t open email attachments” unless you’re sure of both the sender and the message. These attacks targeted Windows computers, and you should be running some form of security software anyway.

There are other security risks with Telegram, affecting the more than half a billion users the platform now serves. Users must always keep in mind that Telegram is not end-to-end encrypted by default, and as such its security is weaker than WhatsApp’s and iMessage’s, not to mention Signal’s. Switching from WhatsApp to Telegram, as I have said before, makes no sense as a security measure.

Check Point says it did not disclose its latest findings to Telegram, since there is no vulnerability in the messenger software; this is the exploitation of a legitimate feature for malicious purposes. Despite this, I contacted Telegram before publishing and asked whether mitigations would be added to the platform. This is a known issue, and its bots are clearly being abused enough, trading on Telegram’s good name to evade individual and organizational security measures.

“Given that Telegram can be used to distribute malicious files,” warns Sharabi, “or as a command and control channel for remotely controlled malware, we fully expect that additional tools using this platform will continue to evolve in the future.”

As such, either this attack vector is shut down, or organizations will seek to ban Telegram on their networks to mitigate the risk, and the consequences of that would be dire for Telegram and its hundreds of millions of users.

The battle for messaging continues and promises to heat up next month, when the forced change of terms for WhatsApp users begins. “No one has ever invited Big Tech to join a group chat,” Signal posted on Twitter this week, in a thinly veiled attack on WhatsApp, “but they are still hanging around and know what’s going on. Signal knows nothing. Private groups protect your group names, group memberships, group messages and even group avatars with end-to-end encryption.”

But perhaps the clearest illustration of the differing security approaches came from Signal’s handling of Cellebrite this week. Late last year, the security firm, which develops software to extract data from devices over a physical connection, boasted that it had added Signal to its target list. Signal pushed back hard at the time.

Now Signal has gone a step further, claiming to have found serious vulnerabilities in Cellebrite’s software that could put its users at risk. More pointedly, Signal’s blog suggests that it could prevent its own user data from being compromised by exploiting vulnerabilities in the extraction software. I have approached Cellebrite for comment on Signal’s new claims.

If you’re a user who values security and privacy, looking at all of this recent news, you can certainly see why switching to Signal makes sense.