Telegram can’t seem to catch a break nowadays. It’s bad enough that the service is blacklisted in numerous totalitarian countries such as Russia, China and Iran, but now they are also plagued by hackers and malware. There are two specific instances that deserve mentioning: the first is aimed at phishing for the user’s login credentials and hijacking the chat session, while the other is responsible for turning the victim’s computer into a cryptocurrency mining slave.
Interestingly, both malware types attack the desktops of Russian-speaking Telegram users, perhaps to discourage their citizens from accessing the service. Still, the dangers shouldn’t be taken lightly as viruses can easily evolve to affect everyone under the sun.
Telegrab, a clever play on the name of the host service, surfaced in April 2018, and a second, more advanced variant followed only a week after the original release. The virus targets the desktop version of Telegram only, going after browser credentials and text files and also attempting to take over an entire Telegram conversation. In short, all data related to your activity – login details, messages, browsing history – is compromised.
The malware is spread via an executable file. When the user attempts to run it, Telegrab quickly infects the system and starts looking for browser credentials, cookies and .TXT files to grab – hence the name. The advanced version also exploits Telegram by storing secret chat documents on the device to hijack messaging sessions. In the grand scheme of things, Telegrab is still a minor threat, but having your chat conversation stolen is undoubtedly a serious issue for anybody. The company was informed about the virus and it will hopefully update the app.
The second type of malware is more like a whip-cracking overlord than an elusive data thief. It is a prime example of a cryptojacking virus: it secretly plants mining tools on the victim’s computer that tap into the hardware to generate various cryptocurrencies for the hackers. Just like Telegrab, this malware is also based on a clever exploit. Telegram implemented a feature to display Arabic and Hebrew text, which is read from right to left, and the virus uses a special character to reverse the rendered order of the file name, disguising the executable as a seemingly harmless file such as a .PNG or .JPG image.
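The article does not name the character involved; it is the Unicode RIGHT-TO-LEFT OVERRIDE (U+202E), which reverses how the rest of the name is drawn without changing the code points the operating system uses to choose a file handler. The following is an added example, not code from the article or from Telegram, that checks file names for bidi control characters and reports the real extension next to the one a user would see. The file names and the executable-extension list are constructed for the demonstration, and the rendering logic is a deliberate simplification that covers the single-override case the article describes, not a full implementation of the Unicode bidi algorithm.

```python
import unicodedata
from pathlib import PurePosixPath

# Unicode bidirectional control characters. They change how a name is rendered
# but not the code points the operating system dispatches on.
# U+202E (RIGHT-TO-LEFT OVERRIDE) is the one classically used for this trick.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"         # LRI, RLI, FSI, PDI
    "\u200e\u200f\u061c"               # LRM, RLM, ALM
)

# Constructed list of extensions that run code when double-clicked on a desktop;
# extend it for your own environment.
EXECUTABLE_EXTENSIONS = frozenset(
    {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".jar"}
)


def find_bidi_controls(name):
    """Return (index, 'U+XXXX', Unicode name) for every bidi control in name."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch))
        for i, ch in enumerate(name)
        if ch in BIDI_CONTROLS
    ]


def true_extension(name):
    """The extension the OS actually uses: raw code points with controls removed."""
    cleaned = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return PurePosixPath(cleaned).suffix.lower()


def apparent_name(name):
    """Approximate what the user sees: text after a RIGHT-TO-LEFT OVERRIDE is drawn
    reversed until a POP DIRECTIONAL FORMATTING (U+202C) or the end of the name.
    Simplified on purpose: handles one override, not the full bidi algorithm."""
    rlo = name.find("\u202e")
    if rlo == -1:
        return "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    head, tail = name[:rlo], name[rlo + 1:]
    pdf = tail.find("\u202c")
    if pdf != -1:
        tail, rest = tail[:pdf], tail[pdf + 1:]
    else:
        rest = ""
    visible = head + tail[::-1] + rest
    return "".join(ch for ch in visible if ch not in BIDI_CONTROLS)


def assess(name):
    """Report a name's bidi controls and whether its shown extension hides an executable."""
    controls = find_bidi_controls(name)
    real = true_extension(name)
    shown = PurePosixPath(apparent_name(name)).suffix.lower()
    return {
        "name": name,
        "controls": controls,
        "true_ext": real,
        "apparent_ext": shown,
        # Any bidi control in a file name deserves a look.
        "flagged": bool(controls),
        # The specific pattern from the article: looks like an image, runs as code.
        "disguised_executable": real in EXECUTABLE_EXTENSIONS and real != shown,
    }


# Constructed sample names: one benign, two using the override trick.
SAMPLE_NAMES = [
    "holiday.png",
    "vacation_\u202Egnp.js",    # renders roughly as vacation_sj.png, runs as .js
    "report\u202Efdp.scr",      # renders roughly as reportrcs.pdf, runs as .scr
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        r = assess(n)
        print(f"{r['apparent_ext']:>6} shown, {r['true_ext']:>6} real, "
              f"disguised={r['disguised_executable']}, controls={r['controls']}")
```

The check belongs wherever files from a messenger are written to disk: a download folder monitor or a mail/file gateway can reject or quarantine any name that contains these controls, since no legitimate image name needs a directional override.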
Kaspersky Lab, which first reported the issue, has also pointed out that the virus is capable of stealing private information from the user’s computer, though not on the same scale as Telegrab. According to the security company, the flaw has been exploited since 2017, but the main targets were Russian Telegram users.
Don’t Open Mystery Boxes
As already mentioned, just because these malware programs are rampaging in Russia doesn’t mean that you should slack on your own security. The best way to avoid infection is to avoid downloading, or even accepting a transfer of, any file coming from a dubious source. Always question your chat partner when they send you something without explanation – who knows, maybe their account has been taken over and is being used to spread the malware. And try to keep the sharing of personal information via messenger apps to a minimum, just for privacy’s sake.
If you suspect that your computer has fallen victim to one of these tricks, do the following: monitor your CPU usage in the task manager and run a thorough scan with antivirus software. If your system is operating at maximum capacity despite being idle, you are already under the thumb of a cryptojacking virus. A strong firewall might also save you from a whole lot of trouble, as will a VPN. The latter is especially handy if you are in Russia, considering that the service cannot be accessed there without masking your IP.