Search the Community
Showing results for tags 'telegram desktop'.
mood posted a topic in Security & Privacy News

Fake Telegram Desktop App Malware Campaign Persists

Google Ad Leads to Malicious App Disguised as Telegram

Jannis Kirschner, an independent security researcher based in Basel, Switzerland, searched on Sunday for the desktop version of the popular messaging application Telegram. The second Google result, an advertisement, led him straight to malware disguised as the desktop version of Telegram for Windows. It was convincing enough at first glance that Kirschner says he "almost fell for it myself."

It's a common ploy for malware distributors to use the same advertising tools that online merchants use to lure people. Google patrols its advertising ecosystem to stop abuse, but malvertising remains a persistent problem.

Here is Kirschner's screenshot of the malicious Google ad, which showed up second in a search result.

Kirschner, who did a technical write-up on his site, Suid Vulnerability Research, took an in-depth look at the campaign, which involved three domains spoofing Telegram. Although visiting one of those sites, telegramdesktop[dot]com, now triggers a warning from Google's Safe Browsing tool as being unsafe, two of the sites are still active and presumably duping others. Those are telegramdesktop[dot]net and telegramdesktop[dot]org. Kirschner has reported the sites to Google.

OpSec Errors

All three spoofed sites are clones of Telegram's website. All of the links on the cloned sites redirect to Telegram's legitimate domain, desktop.telegram.com. But one link is swapped out, which is purportedly the executable for the Windows version of Telegram desktop.

Kirschner says that whoever is running the sites made a few operational security mistakes that shed light on how successful the campaign has been. The .com and .net sites have seen 2,746 downloads of the malicious Windows executable, and a second-stage malware was then pushed down 129 times. The .org site snared 529 downloads in just two days, Kirschner says.

Whoever is behind the malware campaign used Bitbucket - a GitHub-like alternative from Atlassian - to host it. The software repository that held the malware was accessible, which allowed Kirschner to see the number of downloads.

"A repo probably was a bad choice for delivering malware since it's very verbose (download numbers, time and other documents)," Kirschner says. "The biggest opsec mistake was that they didn't clean one of the repo's metadata, which led me to discover commit messages and their e-mail [address]."

All links on this bogus site lead to real links within Telegram's main website - except for the Windows executable, which is malware.

The commits repository lists a user nickname, "TrustVarios," and an email: "[email protected]".

The same group or person likely set up all of the sites, Kirschner says. "I believe that it is the same threat actor or group since the TTPs [tactics, techniques and procedures] are the same, and all sites have been established in a very close timeframe using the same hoster and certificate authority," he says.

Hosting malware on services such as Bitbucket offers at least a temporary advantage: Bitbucket links on the surface are often considered legitimate, and attackers have a window of abuse until someone reports a malicious repository, which then must be removed. The methods help disguise a campaign from technical filtering and manual vetting but don't necessarily scale well, Kirschner says.

A report from the security firm Cybereason in February 2020 described more than a half-dozen infostealers, cryptominers, ransomware and other malware that bad actors placed on Bitbucket. "The attackers leverage Bitbucket to easily update payloads and distribute many different types of malware at once," Cybereason wrote. "In order to evade detection, they have an array of user profiles and continuously update their repositories, at times as often as every hour."

Information Security Media Group noticed that kind of swapping behavior this week. On telegramdesktop[dot]org, the link to the malicious Windows file switched within two hours on Wednesday morning from being hosted on Bitbucket to another domain, tupdate[dot]net. The latter domain has now been suspended by its hosting provider, and Bitbucket has removed the malicious binaries.

Second Stage: AZORult Infostealer

The telegramdesktop[dot]com site appears to be on a shared hosting service in Moldova. "The web service promotes itself that it takes bitcoin as payment option, so it seems like a great hosting for criminals," Kirschner writes.

That domain was registered on Dec. 29, 2020, Kirschner says. But a search on the Internet Archive's Wayback Machine shows the telegramdesktop[dot]com redirected to telegram.org, the legitimate domain. "I assume that domain once belonged to Telegram themselves, expired and was taken over by the criminals now," Kirschner says.

The malware hosted on the site, TGInstaller.exe, is a .NET executable. After that gets installed, the second-stage payload is AZORult, which is a common information stealer that appeared about five years ago and was first sold on underground Russian forums, according to the security firm Trend Micro.

"AZORult was being used in malvertising campaigns targeting a popular VPN service, as well as using COVID-19 themed campaigns," Kirschner writes.

AZORult is designed to pilfer login credentials, cryptocurrency wallets, Telegram messages and many items in Google's Chrome browser, including cookies, autofill information, passwords and location data.

In February 2020, IBM wrote that AZORult was delivered as part of another malvertising campaign that purported to offer ProtonVPN, the VPN service developed by Proton Technologies, which created ProtonMail.

Source: Fake Telegram Desktop App Malware Campaign Persists

vissha posted a topic in Software News

Today’s Telegram update brings you an easy way to save conversations on your disk. In just a few taps, you can export some (or all) of your chats, including photos and other media they contain. As a result you’ll get all your data accessible offline in JSON-format or in beautifully formatted HTML.

Data Export Results

To use this feature, make sure you have the latest version of Telegram Desktop installed on your computer, then click Settings > Export Telegram data. This tool will be particularly useful for users who have millions of messages and can’t easily access the oldest parts of their messaging history.

You can export individual chats by opening the … menu in any chat and choosing Export chat history.

Exceptions in Notifications

Telegram was the first app to give its users notorious flexibility in fine-tuning how their message notifications work. Today we are taking this further by adding Exceptions to the notifications settings, where you can see which chats are excluded from the global settings you defined in Settings > Notifications.

Notifications Exceptions

Muting all chats but a few (or vice versa) has never been easier.

Improved Telegram Passport

We’ve been overwhelmed by the reception of Telegram Passport – the tool to log into third-party apps that require real-life identity. Just two weeks after its launch, Passport can be used to sign up for many services, from established sharing economy services to blockchain startups.

To name just a few projects that integrated Telegram Passport: Sum & Substance (KYC & user verification), CEX.IO and Xena (cryptocurrency exchanges), CryptoPay (wallet), YouDrive (carsharing), Profi and Worki (job marketplaces), Minter Network and Minexcoin (blockchain startups), KICKICO, Cryptonomos and ICOadmin (ICO platforms).

Building on this success, today we’re upgrading Passport to support names in original languages and additional types of documents.

We’ve also strengthened the algorithms that encrypt Passport data to better protect your data against hacking attacks coming from Telegram (however unlikely those may seem). This way we further ensure that only you have access to your private data.

Source Code and APIs

As always, you do not have to take our word on how our encryption works. The updated source code of Telegram apps reflecting all of today’s changes is available on GitHub and open for everybody to review.

If you are a developer of a service that requires identity verification, make sure you check out these docs explaining how Telegram Passport can be integrated into your app.

Source

vissha posted a topic in Software Updates

Telegram for Desktop is a messaging app with a focus on speed and security, it’s super-fast, simple and free. You can use Telegram on all your devices at the same time — your messages sync seamlessly across any number of your phones, tablets or computers. Download Telegram Offline Installer Setup for PC!

With Telegram, you can send messages, photos, videos and files of any type (doc, zip, mp3, etc), as well as create groups for up to 1000 people or channels for broadcasting to unlimited audiences. You can write to your phone contacts and find people by their usernames. As a result, Telegram is like SMS and email combined — and can take care of all your personal or business messaging needs. You can download Telegram for PC offline installer from our site by clicking on free download button.

What can you do with Telegram?

Connect from most remote locations.
Coordinate groups of up to 1000 members.
Synchronize your chats across all your devices.
Send documents of any type.
Encrypt personal and business secrets.
Destruct your messages with a timer.
Store your media in the cloud.
Build your own tools on our API.
Enjoy feedback from your customers.

Changelog

v 1.3.14: Fix a crash in calls.
v 1.3.13: Export data from individual chats using the '...' menu. Added a new night theme. You can now assign custom themes as night and day themes to quickly switch between them. Support for Telegram Passport 1.1 and improved password hashing algorithm to better protect Telegram Passport data.
v 1.3.12: Bug fixes and other minor improvements.
v 1.3.11: Added a new night theme. You can now assign custom themes as night and day themes to quickly switch between them.
v 1.3.10: Bug fixes and other minor improvements.
v 1.3.9: Mark chats in the chat list as Read or Unread. Improved censorship circumvention.
v 1.3.8: Bug fixes and other minor improvements.
v 1.3.7: Push fixes to stable version.
v 1.3.6: Bug fixes and other minor improvements.
v 1.3.5: Bug fixes and other minor improvements.
v 1.3.4: Bug fixes and other minor improvements.
v 1.3.3: Bug fixes and other minor improvements.
v 1.3.2: Bug fixes and other minor improvements.
v 1.3.1: Bug fixes and other minor improvements.
v 1.3.0: Improved censorship circumvention. Improved stability when working through proxy servers. Save several proxy servers to quickly switch between them in Settings. Use proxy for calls. Emoji and text replacement now happens immediately after typing (instead of after sending) and can be rolled back using Backspace or CTRL/CMD + Z. Replacement no longer happens when pasting text. Added formatting shortcuts. Select text and use:
CTRL/CMD + B/I for bold and italic
CTRL/CMD + K to create or edit a custom link
CTRL/CMD + SHIFT + M for monospace font
CTRL/CMD + SHIFT + N to clear formatting

Homepage
Changelog - only major versions
Github page - Source code & all builds changelog
FAQ

Desktop

Windows or Direct Link: https://updates.tdesktop.com/tsetup/tsetup.1.3.14.exe
Portable or Direct Link: https://updates.tdesktop.com/tsetup/tportable.1.3.14.zip
Mac or Direct Link: https://updates.tdesktop.com/tmac/tsetup.1.3.14.dmg
App Store or Direct Link App Store: https://itunes.apple.com/us/app/telegram-desktop/id946399090
Linux x64 or Direct Link: https://updates.tdesktop.com/tlinux/tsetup.1.3.14.tar.xz
Linux x86 or Direct Link: https://updates.tdesktop.com/tlinux32/tsetup184.108.40.206.tar.xz

v1.3.13:

Win Direct Link: https://updates.tdesktop.com/tsetup/tsetup.1.3.13.exe
Portable Direct Link: https://updates.tdesktop.com/tsetup/tportable.1.3.13.zip
Mac Direct Link: https://updates.tdesktop.com/tmac/tsetup.1.3.13.dmg
Linux x64 Direct Link: https://updates.tdesktop.com/tlinux/tsetup.1.3.13.tar.xz
Linux x86 Direct Link: https://updates.tdesktop.com/tlinux32/tsetup220.127.116.11.tar.xz

Phone

Android or Direct Link Google Play: https://play.google.com/store/apps/details?id=org.telegram.messenger
iphone / ipad or Direct Link App Store: https://itunes.apple.com/app/telegram-messenger/id686449807
Windows Phone