Researchers have revealed new malware designed to collect information from messaging service Telegram.
On Wednesday, Cisco Talos researchers Vitor Ventura and Azim Khodjibaev said that over the past six weeks, the team has monitored the emergence of what has been called Telegrab.
This malware has been designed to collect cache and key files from Telegram, an end-to-end encrypted messaging service.
The malicious code was first spotted in the wild on 4 April 2018, and a second variant emerged only six days later.
While the first version of Telegrab only stole text files, browser credentials, and cookies, the second added functionality to collect data from Telegram's desktop cache, as well as Steam login credentials, in order to hijack active Telegram sessions.
“Telegram session hijacking is the most interesting feature of this malware, even with limitations this attack does allow the session hijacking and with it, the victims’ contacts and previous chats are compromised,” the team says.
The malware impacts the desktop version of Telegram. However, it does not exploit a security vulnerability.
Cisco Talos instead blames "weak default settings" in the desktop client, and notes that the malware also abuses the absence of Secret Chats, a feature that is not available on desktop.
“The malware abuses the lack of Secret Chats which is a feature, not a bug,” Talos added. “Telegram desktop by default…