Security News

A feature that allows Telegram users to see who's nearby can be misused to pinpoint your exact distance to other users - by spoofing one's latitude and longitude. According to bug-hunter Ahmed Hassan, the "People Nearby" feature could allow an attacker to triangulate the location of unsuspecting Telegram users.

A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected. Hassan reported the issue in the hope of a bug bounty only to be told: "Users in the People Nearby section intentionally share their location, and this feature is disabled by default. It's expected that determining the exact location is possible under certain conditions."

The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more. In tandem with the sanctions, the FBI released a public threat analysis report that investigated several tools used by Rana Corp. Researchers recently conducted further analysis of one of these malware samples and found that its latest variant showcases several new commands that point to the threat actors sharpening their surveillance capabilities.

Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed.

Hackers with access to the Signaling System 7 used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business. Hackers pulling an SS7 attack can intercept text messages and calls of a legitimate recipient by updating the location of their device as if it registered to a different network.

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis.

Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. APT-C-23 is known to utilize both Windows and Android components, and has previously targeted victims in the Middle East with apps in order to compromise Android smartphones.

Researchers have uncovered a threat group launching surveillance campaigns that target victims' personal device data, browser credentials and Telegram messaging application files. One notable tool in the group's arsenal is an Android malware that collects all two-factor authentication security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.