Photo Credit: kaspersky.com
The malicious software has been used to target Russian users since March 2017, Kaspersky said in a statement. It was designed to trick users of Telegram's desktop computer software into enlisting their machines to mine cryptocurrencies like Monero and Zcash.
Telegram ranks as the world's ninth most popular mobile messaging app and expects to hit 200 million users during the first quarter of 2018, according to a recent white paper by the company. Only its desktop computer version was targeted.
The malware exploited a feature that allows its messaging software to recognise Arabic and Hebrew language text, which is read right to left.
By using a hidden character in the feature that reversed the order of the characters, the attackers could rename a file, triggering the installation of the malware. Examples of the malicious software were only found in Russia, Kaspersky said.
Kaspersky Lab said clues found in the code indicate connections to Russian cybercriminals. It said such messaging app vulnerabilities are not unique to Telegram, noting that last month it had found a way for hackers to steal WhatsApp messages.
Kaspersky said it had reported the vulnerability to Telegram in October and the issue appears to have been fixed.
In a statement posted on an a Telegram technical channel, the company said the attack was a form of social engineering that only worked if a user was tricked into downloading an image file. It was fixed by Telegram in November, the post said.
"This is not a real vulnerability on Telegram Desktop, no one can remotely take control of your computer or Telegram unless you open a (malicious) file," Telegram said.
Telegram is preparing the biggest initial coin offering, in a private sale of tokens, which could be traded as an alternative currency, similar to Bitcoin or Ethereum, an investment proposal seen by Reuters showed. The offering could raise up to $2 billion (roughly Rs. 12,800 crores), according to media reports.
© Thomson Reuters 2018