Vulnerability and malware being shared by secure messaging app Telegram

January 2019 by Forcepoint

• Not all Telegram users are affected. It is our belief that the Bot API is used by a subset of Telegram users

• Bots are used for automated communications or updates; for example, a group of developers might use one to post updates to a group to inform people that a task is complete (as they might with Slack or Teams)

• Others may use bots for automated conversations, or to share news or updates

• Risks to enterprises are low, as the type of information shared via a bot is likely to be non-confidential. However, if developers are using it to share updates to software, in theory intellectual property (IP) could be at risk

• Note that Telegram is a free app. Any developers or enterprises using it should weigh up the risks of sharing confidential or valuable information via this app

• The vulnerability we uncovered requires a MiTM attack to extract information