Researchers at Cisco’s Talos team have uncovered a malware strain that specifically targets the chat service Telegram. Dubbed TeleGrab in Talos’s write-up, it goes after users of Telegram’s desktop client. The reason is that end-to-end encryption is not available in the desktop version, which allows all sorts of information to be accessed. Because Telegram’s mobile version is end-to-end encrypted, users of the desktop version may mistakenly believe that their conversations are also protected (even though the company explicitly states this is not the case).
With all of this in mind, analysis of the TeleGrab malware has turned up some very interesting data. When it was first discovered in April, the malware “only stole browser credentials and cookies, along with all text files it can find on the system.” In its second form, produced not long after the initial discovery of TeleGrab, the malware added an ability to “collect Telegram’s desktop cache and key files, as well as login information for the video game storefront Steam.” Additionally, the malware is coded in Go, AutoIt, and Python, at least as far as has been discovered so far.
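The list above is also a useful checklist for defenders: every item is a local file store that a legitimate application reads routinely, so the signal is not the read itself but which process performs it. The following is an added example, written for this page and not code from the article or from Talos, that flags file-read events in which a process other than the expected application touches those stores, and a second heuristic that flags one process sweeping many .txt files. The file locations (Telegram Desktop’s tdata folder, Steam’s config folder, Chromium’s Cookies and Login Data files), the process names, and the log lines are assumptions or constructed samples, not taken from the article.

```python
"""Defensive detection over constructed file-read events.

Added example for this page; not code from the article or Talos. Paths,
process names and log lines are assumed or constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed locations (not stated in the article) of the local stores the
# article says TeleGrab collects, and the process expected to read each.
# Fragments are matched case-insensitively against a forward-slash path.
SENSITIVE_STORES = {
    "telegram_session": ("telegram desktop/tdata/", {"telegram.exe"}),
    "steam_login": ("steam/config/", {"steam.exe"}),
    "chrome_cookies": ("chrome/user data/default/cookies", {"chrome.exe"}),
    "chrome_logins": ("chrome/user data/default/login data", {"chrome.exe"}),
}

# Distinct .txt files one process may read before the sweep rule fires.
TXT_SWEEP_THRESHOLD = 3


@dataclass(frozen=True)
class Event:
    timestamp: str
    process: str
    path: str


@dataclass(frozen=True)
class Alert:
    rule: str
    process: str
    detail: str


def normalize(path: str) -> str:
    """Windows paths compare badly as-is: unify separators and case."""
    return path.replace("\\", "/").lower()


def parse_event(line: str) -> Optional[Event]:
    """Parse a constructed log line of the form '<timestamp> <process> READ <path>'.
    Paths may contain spaces, so only the first three fields are split off."""
    parts = line.strip().split(" ", 3)
    if len(parts) != 4 or parts[2] != "READ":
        return None
    return Event(timestamp=parts[0], process=parts[1].lower(), path=parts[3])


def check_sensitive_store(event: Event) -> Optional[Alert]:
    """Alert when a store is read by a process that is not its owner."""
    path = normalize(event.path)
    for rule, (fragment, allowed) in SENSITIVE_STORES.items():
        if fragment in path and event.process not in allowed:
            return Alert(rule, event.process, event.path)
    return None


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run both heuristics over a stream of log lines, in order."""
    alerts: List[Alert] = []
    txt_reads = defaultdict(set)  # process -> distinct .txt paths seen
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # malformed line: skip rather than crash the scan
        alert = check_sensitive_store(event)
        if alert:
            alerts.append(alert)
        norm = normalize(event.path)
        if norm.endswith(".txt"):
            txt_reads[event.process].add(norm)
            if len(txt_reads[event.process]) == TXT_SWEEP_THRESHOLD:
                alerts.append(Alert("txt_sweep", event.process,
                                    f"{TXT_SWEEP_THRESHOLD} distinct .txt files read"))
    return alerts


# Constructed sample log: one benign owner read per store, then an unrelated
# process ("updater.exe", a made-up name) reading each store and several .txt files.
SAMPLE_LOG = [
    r"2018-05-16T10:01:02Z telegram.exe READ C:\Users\ivan\AppData\Roaming\Telegram Desktop\tdata\key_datas",
    r"2018-05-16T10:01:05Z updater.exe READ C:\Users\ivan\AppData\Roaming\Telegram Desktop\tdata\key_datas",
    r"2018-05-16T10:01:06Z updater.exe READ C:\Users\ivan\AppData\Local\Google\Chrome\User Data\Default\Cookies",
    r"2018-05-16T10:01:07Z chrome.exe READ C:\Users\ivan\AppData\Local\Google\Chrome\User Data\Default\Cookies",
    r"2018-05-16T10:01:09Z updater.exe READ C:\Program Files (x86)\Steam\config\loginusers.vdf",
    r"2018-05-16T10:01:10Z updater.exe READ C:\Users\ivan\Documents\notes.txt",
    r"2018-05-16T10:01:11Z updater.exe READ C:\Users\ivan\Desktop\recipes.txt",
    r"2018-05-16T10:01:12Z updater.exe READ C:\Users\ivan\Documents\todo.txt",
    r"2018-05-16T10:02:00Z notepad.exe READ C:\Users\ivan\Documents\notes.txt",
    r"malformed line",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.rule:17} {a.process:12} {a.detail}")
```

Run against the sample, only the unrelated process produces alerts: one per store it reads plus the .txt sweep, while the owning applications and a single editor read stay silent. In a real deployment the event source would be an EDR or Sysmon file-access feed, and the allow-lists would need to account for signed updaters and backup agents to keep noise down.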
Research has also shown that the Telegram malware author, who goes by the absurd handle of Raccoon Hacker, is of Russian heritage and is primarily targeting Russian speakers. Talos found in the source code that “the decoding of the user home directory is done using the CP-1251 character encoding scheme, which is mainly used for languages like Russian.” Raccoon Hacker made no attempt to hide his or her identity, going so far as to put tutorials on hacking forums and YouTube showing how easy it is to use TeleGrab.
The best thing I can advise users of Telegram right now is to avoid the desktop version until end-to-end encryption is added (something the company has expressed interest in doing). And while Raccoon Hacker may be a proficient coder, he or she is liable to be caught eventually. Someone this brazen with their attack, and pushing themselves into public Internet forums for recognition, is effectively falling on their own sword. The immaturity behind some of these actions suggests Raccoon Hacker is young enough to be reformed. Hopefully, this happens before the law comes crashing down, because this is some serious trouble that this kid is getting into.