Russian cybersecurity firm Kaspersky Lab reported today that it spotted evidence of a vulnerability in Telegram’s messaging app had been exploited to turn desktop computers into unwitting crypto-miners – a claim that the firm’s founder is pushing back against.
The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware.
According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers’ servers.
Kaspersky said it notified Telegram of the issue and it appears to have been rectified. “The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals,” Kaspersky Malware Analyst Alexey Firsh said in a statement.