Telegram's fake desktop app malware comes to light

Telegram is a constantly growing instant messaging service with the client apps available for mobile and desktop platforms.

These include iOS, Android, macOS, Linux, and Windows. However, an active malvertising campaign seems to be targeting the Telegram desktop client for Windows.

The information comes from Jannis Kirschner, a Swiss Security Researcher, who came across the said malware campaign while searching for the desktop app on Google.

As per Kirschner’s analysis, several Google results for the Telegram Windows client were part of the malware campaign.

These three fake links i.e., telegramdesktop.org, telegramdesktop.com, and telegramdesktop.net, were rigged with malware instead of the supposed Windows binary files.

While all three links have now been archived by Kirschner’s team, their analysis led them to the origin.

This was possible because of numerous OpSec errors made by the perpetrators while materializing the fake Telegram malware campaign.

Moreover, the second stage of the attack was also outlined by the vulnerability researcher where a common info stealer, AZORult, gets installed on the target machine.

It is good to see that measures to pull down the fake Telegram Windows client links have already been taken.

Nevertheless, the perpetrators are still out there and are probably devising a new attack strategy.

So, it is always better to keep an eye on the finer details while visiting popular sites or downloading popular apps as these are the most common targets for such malpractices.

That said, we will be back with more such stories once new information becomes available so stay tuned.

In the meantime, you can check out our dedicated Windows and Telegram sections to get the latest updates on the topics.

PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.