Since the start of the war-related operation in Ukraine, several Telegram accounts linked to administrators of Russian channels have been hacked after their owners were redirected through malicious links. This was reported to socialbites.ca by Igor Bederov, who heads the information and analytical research department at T.Hunter.
According to Bederov, the attacks occurred when hackers posted links to Telegram chats and channels. Those links led to resources containing malicious code. In some cases, the attacker gained control of the victim’s Telegram account through these actions.
Bederov explained that a vulnerability exists in the desktop version of Telegram, which can allow third-party code to run when a link is clicked. The injected code is designed to transfer access to the compromised account to an attacker. He noted that this type of vulnerability had not been seen before in practice, and referenced a similar issue identified by Positive Technologies researchers in April 2021. At that time, there was no indication that it had been exploited in the wild.
The analyst suggested that the flaw likely resides in the apps that open hyperlinks rather than Telegram itself. He anticipates that the Telegram team will address the vulnerability in the upcoming desktop update.
Bederov has tracked multiple cases where this vulnerability has affected administrators of Russian Telegram channels. While he cannot rule out additional victims, the names of individuals affected have not been disclosed publicly.
He also warned that attackers are not limited to infected channel and chat links. They are also distributing links to malware installers that share the same malicious behavior, often disguised as video files with an mp4 extension. These deceptive files aim to gain access by convincing users to run the payload on their devices.
Telegram has been notified about the vulnerability. The disclosure confirms ongoing concerns about the potential for similar exploits to arise across messaging platforms and underscores the importance of cautious link-clicking, especially from unfamiliar sources. In related policy discussions, there are calls for digital safety measures to help protect users from exploit kits embedded in links and files, highlighting broader debates about how instant messaging tools can be regulated and improved for user protection.
In summary, researchers and security analysts are watching this space closely. The focus remains on strengthening the security posture of messaging apps on desktop environments and ensuring that users are not inadvertently exposed to compromised content through seemingly legitimate links. Attribution: information provided by security researcher Igor Bederov; observations are consistent with findings reported by Positive Technologies in 2021.