New Telegrab for Telegram

Posted by Kyle 12:09 PM (CDT)

Wednesday May 16, 2018

That totally secure Telegram desktop app you are using may not be as secure as you think it is when there are bad actors about. Cisco Talos researchers have found what they have dubbed "Telegrab," a malware that can collect key files and cache files from the fully encrypted Telegram program. Here is something that might get your attention: it has also been noted to grab your Steam login information! Think about your life without being able to play Max Payne over one last time. Did I mention this malware is colluding with Russia? Well, it seems to be mostly targeted at Russian-speaking users at this time. That said, go and enable 2FA on your Steam account before you are one step closer to never seeing the dawn of bullet-time again.

Talos Intelligence research allowed the identification of the author behind this malware with high confidence. The author posted several YouTube videos with instructions on how to use the collected Telegram files to hijack Telegram sessions and how to package the malware for distribution.

The operators of this malware use several hardcoded accounts to store the exfiltrated information. This information is not encrypted, which means that anyone with access to these credentials will have access to the exfiltrated information.