Cyber thugs have been exploiting a zero-day flaw in the Telegram Messenger desktop app in order to mine for cryptocurrencies or to install a backdoor to remotely control victims’ computers. Kaspersky Lab discovered “in the wild” attacks on Telegram Messenger’s Windows desktop client back in October 2017.
The vulnerability in the popular Telegram app had been actively exploited since March 2017 to mine a variety of cryptocurrencies, such as Monero, Zcash, Fantomcoin and others. Yet the multi-purpose malware being delivered was capable of doing more than secretly using the computing power of victims’ machines to mine cryptocurrencies.
Today, researchers at Check Point Security announced a new attack against WhatsApp and Telegram, targeting the way both chat services process images and multimedia files.
In the WhatsApp case, Check Point was able to craft a malicious image that would appear normal in preview, but direct users to a malware-laden HTML page. Once loaded, the page will retrieve all locally stored data, enabling attackers to effectively hijack the user’s account. The vulnerability was reported to both services on March 8th, and both have changed their file upload validation protocols to protect against the attack.
Despite saying that he “respects” Telegram’s founder, Russian Pavel Durov, NSA whistleblower Edward Snowden said the messenger lacks security at its default settings. “I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe,” the former CIA employee tweeted.
Snowden was referring to a specialist in cryptographic and embedded software security, who tweeted that Telegram’s plaintext is stored on the server. Pointing towards the vulnerability of such a setup, Snowden hinted that the plaintext of the messages should not be accessible to a service provider at all for a connection to be truly secure.