Security News > 2021 > February > A Sticker Sent On Telegram Could Have Exposed Your Secret Chats
Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors.
Following responsible disclosure, Telegram addressed them in a series of patches on September 30 and October 2, 2020.
The flaws stemmed from the way secret chat functionality operates and in the app's handling of animated stickers, thus allowing attackers to send malformed stickers to unsuspecting users and gain access to messages, photos, and videos that were exchanged with their Telegram contacts through both classic and secret chats.
It's worth noting that this is the second flaw uncovered in Telegram's secret chat feature, following last week's reports of a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats.
This is not the first time images, and multimedia files sent via messaging services have been weaponized to carry out nefarious attacks.
In March 2017, researchers from Check Point Research revealed a new form of attack against web versions of Telegram and WhatsApp, which involved sending users seemingly innocuous image files containing malicious code that, when opened, could have allowed an adversary to take over users' accounts on any browser completely, and access victims' personal and group conversations, photos, videos, and contact lists.