Computer security experts at Cisco Talos have discovered a malicious program that can steal data from the desktop version of the Telegram messenger. The author of the program is alleged to be a hacker using the pseudonym Enot272, the BBC writes.
“A cursory analysis shows that Racoon Hacker is a native Russian speaker and has a great understanding of the Python programming language. For example, decoding of the user’s home directory is performed using the CP 1251 character encoding scheme, which is mainly used for languages such as Russian or Ukrainian,” the experts say.
According to a Cisco Talos report, in April 2018 a hacker attacked Telegram twice and, as a result, was able to steal the messenger's cache files and encryption keys. These keys change constantly, so the hacker's success does not mean he can read all users' messages.
Telegram's cache stores files that users have exchanged in their correspondence: documents, video, audio and photos.
At the same time, it is noted that the malware attacks only the desktop version of the messenger, because that version lacks the secret chat function. In addition, the default security settings in this version are poorly configured, Cisco Talos noted.
Experts believe that the vulnerability allows access to the victim's session, contacts and correspondence. In particular, the program scans the hard disks of computers running the Windows operating system for Google Chrome browser credentials. It also scans for cookies (settings and user statistics) and text files. Everything it finds is archived and uploaded to the cloud storage service pcloud.com.
The researchers believe the malware author is English-speaking. This theory is backed by a Russian-language video tutorial on using the program, found on YouTube. The video is currently unavailable.
Most likely, it is the handiwork of the hacker Hacker Racoon, also known as Eyenot (Raccoon/Enot) and Racoon Pogoromist, Cisco Talos believes.
The hacker mainly writes programs in the Python programming language, but researchers have recorded cases of the malicious program being spread in a loader written in the less popular languages Go, AutoIT and .NET.
Telegram's administration has not yet commented on the reports of the hack.