Vulnerability and malware being shared by secure messaging app Telegram

January 2019 by Forcepoint

Forcepoint Security Labs have just unveiled their latest research revealing that the Telegram encrypted messaging service is being used as Command and Control (C2) infrastructure for malware. The key points the team found, discussed in more detail in the full research, are:

• Not all Telegram users are affected. It is our belief that the Bot API is used by a subset of Telegram users
• The uses of the Bot would be for automated communications or updates; for example, a group of developers might use it to post updates to a group to inform people that a task was complete (like Slack or Teams)
• Others may use Bots for automated conversations, or to share news or updates
• Risks to enterprises are low, as the type of information shared via a bot is likely to be non-confidential. However, if developers are using it to share updates to software, in theory IP could be at risk
• Note that Telegram is a free app. Any developers or enterprises using it should weigh up the risks of sharing confidential or valuable information via this app
• The vulnerability we uncovered requires a man-in-the-middle (MiTM) attack to extract information

