Telegram Founder: Crypto Mining Malware Attack Isn't Due to App Flaw
Russian cybersecurity firm Kaspersky Lab reported today that a vulnerability in Telegram's messaging app had been exploited to turn desktop computers into unwitting crypto-miners – a claim that the firm's founder is pushing back against.
The cyberattacks were uncovered by Kaspersky Lab, a global cybersecurity software provider, who reports that the covert mining operations have been underway since March of 2017. Kaspersky said that the attacks were possible because of a zero-day vulnerability.
"We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year," Alexey Firsh, a Kaspersky Lab analyst said in a statement today.
Yet Pavel Durov, who founded the popular messaging app, has taken to his own Telegram channel in order to downplay the report.
"As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media," he said. He went on to claim that what Kaspersky had uncovered was not a "real vulnerability on Telegram Desktop," and that cybercriminals could not access users' computers without them first opening a malicious file.
"So don't worry," he told the channel, "Unless you opened a malicius [sic] file, you have always been safe."
Cybercriminals reportedly used the malware to garner monero, zcash and fantomcoin, among other cryptocurrencies, per Kaspersky's report. The firm says evidence indicates that the malware has Russian origins, and notes that, in some cases, it is used as a backdoor through which hackers can silently control a computer. In the course of analyzing malicious servers, Kaspersky also said it found "archives containing a Telegram local cache that had been stolen from victims."
As the profits associated with mining have increased, mining malware has become more common.
CoinDesk reported yesterday that more than 4,000 U.K websites, including government sites, had been infected with mining malware, prompting the U.K. Information Commissioner's Office to take down its website. Likewise, in another significant case last month, it was discovered that Google's DoubleClick ad services were hijacked to distribute mining malware on prominent sites like YouTube. This has put additional pressure on developers to ensure user safety.