Security News

Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strý?ek said in a new analysis.

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, and then finally leads the victim to the next stage server for the final payload," the BlackBerry Research and Intelligence Team said in a report shared with The Hacker News.

The advanced persistent threat group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report.

The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Once installed, this app enables the hackers to conduct espionage on the targeted victims, including monitoring phone calls, collecting SMS texts, and grabbing contact lists.

Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms' VIP customers. "Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies," the company's Security Threat Intelligence team revealed.

A ruling handed down from the Delhi High Court this week declared that Telegram must hand over information such as IP addresses, mobile numbers, and devices used by channels on the platform involved in copyright infringement. On behalf of Telegram, the platform's senior counsel, Amit Sibal, said that the arrangement already in place directing Telegram to take down the infringing channels was "Sufficient to protect the interest of the plaintiffs."

Telegram is one of the best cross-platform messaging apps and it is regularly updated with new features. The privacy-focused social media platform is now working on a new subscription-based project dubbed "Telegram Premium".

Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials. Telegraph is a blogging platform that lets anyone publish anything without creating an account or providing any identification details.

Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they "Assume at least 30 million people had some of their data leaked." MGM Resorts, a hotel and casino chain, did not respond to The Register's request for comment.

An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service bot. What makes this malware-as-a-service stand out is that besides using a Telegram channel to communicate updates about the latest features, it also employs a Telegram Bot that enables the purchasers to build the binary.