Telegram's fake desktop app malware comes to light
Telegram is a constantly growing instant messaging service with client apps available for mobile and desktop platforms.
As per Kirschner’s analysis, several Google results for the Telegram Windows client were part of the malware campaign.
These three fake links, telegramdesktop.org, telegramdesktop.com, and telegramdesktop.net, served malware instead of the supposed Windows binary files.
While all three links have now been archived by Kirschner’s team, their analysis led them to the origin.
This was possible because of numerous OpSec errors made by the perpetrators while setting up the fake Telegram malware campaign.
Moreover, the vulnerability researcher also outlined the second stage of the attack, in which a common info stealer, AZORult, gets installed on the target machine.
It is good to see that measures to pull down the fake Telegram Windows client links have already been taken.
Nevertheless, the perpetrators are still out there and are probably devising a new attack strategy.
So, it is always better to keep an eye on the finer details while visiting popular sites or downloading popular apps, as these are the most common targets for such malpractices.
That said, we will be back with more such stories once new information becomes available, so stay tuned.