
Cybersecurity specialists have uncovered a novel malicious script capable of illicitly accessing a Telegram account on a personal computer, bypassing the requirement for both a password and an SMS verification code. According to reports from the anti-malware.ru portal, this script masquerades as a routine Windows operating system update and is initiated using built-in system utilities.
Once executed, the malware scans the compromised device for the Telegram Desktop files that store the account's authentication key. Upon locating this data, the program terminates the Telegram application, copies those files, and transmits them to the attackers.
The fundamental danger here is that by obtaining this information, threat actors gain complete control over the Telegram account, allowing them to impersonate the legitimate user without needing any further authentication steps.
Moreover, the program is designed to gather basic system details, such as the username and the IP address, and appends this information to the stolen credentials.
Researchers indicate that this particular piece of malware is currently in a testing phase, and no widespread deployment has been observed yet. Nevertheless, the mechanism of operation developed for this threat already constitutes a significant potential risk to end-users.
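As an added illustration of how a defender might spot the terminate-copy-exfiltrate sequence described above (example code written here, not code from the report or from the malware), the following Python correlates constructed endpoint events: any process other than Telegram that reads the tdata session directory is flagged, and the finding is raised to high severity when the same process terminated Telegram beforehand and then opened an outbound connection. The event format, process names, user path, timestamps and the 203.0.113.5 address are assumptions.

```python
# Constructed endpoint telemetry in a "timestamp|event|process|detail" form. Process names,
# user path, timestamps and the 203.0.113.5 address are made up for this example; "tdata" is
# Telegram Desktop's real session directory, and Telegram.exe its process name.
SAMPLE_EVENTS = """\
2024-05-01T10:00:01|file_read|Telegram.exe|C:\\Users\\alice\\AppData\\Roaming\\Telegram Desktop\\tdata\\key_datas
2024-05-01T10:02:10|process_terminate|wscript.exe|Telegram.exe
2024-05-01T10:02:11|file_read|wscript.exe|C:\\Users\\alice\\AppData\\Roaming\\Telegram Desktop\\tdata\\key_datas
2024-05-01T10:02:12|file_read|wscript.exe|C:\\Users\\alice\\AppData\\Roaming\\Telegram Desktop\\tdata\\settings
2024-05-01T10:02:15|network_connect|wscript.exe|203.0.113.5:443
2024-05-01T11:00:00|file_read|7z.exe|C:\\Users\\alice\\Documents\\report.docx
"""

SESSION_DIR = "\\telegram desktop\\tdata\\"   # matched case-insensitively against file paths
TELEGRAM_PROC = "telegram.exe"

def parse_events(text):
    """Split pipe-delimited telemetry into (timestamp, event, process, detail) tuples."""
    return [tuple(line.split("|", 3)) for line in text.splitlines() if line.strip()]

def detect_session_theft(events):
    """Return (process, severity, reasons) for every non-Telegram process that read the
    session store. Severity is 'high' when that process also terminated Telegram beforehand
    and made an outbound connection afterwards, i.e. the full terminate-copy-exfiltrate chain."""
    killed, read_tdata, connected = set(), set(), set()
    for _ts, event, proc, detail in events:          # events are assumed to be time-ordered
        p = proc.lower()
        if event == "process_terminate" and detail.lower() == TELEGRAM_PROC:
            killed.add(p)
        elif event == "file_read" and p != TELEGRAM_PROC and SESSION_DIR in detail.lower():
            read_tdata.add(p)
        elif event == "network_connect" and p in read_tdata:
            connected.add(p)
    findings = []
    for p in sorted(read_tdata):
        reasons = ["non-Telegram process read Telegram session files"]
        if p in killed:
            reasons.append("same process terminated Telegram.exe beforehand")
        if p in connected:
            reasons.append("outbound connection after reading session files")
        severity = "high" if p in killed and p in connected else "medium"
        findings.append((p, severity, reasons))
    return findings

if __name__ == "__main__":
    for proc, severity, reasons in detect_session_theft(parse_events(SAMPLE_EVENTS)):
        print(f"{severity.upper()} {proc}: " + "; ".join(reasons))
```

Telegram's own reads of its session files and unrelated file activity (the 7z.exe line) produce no finding, so the rule keys on the foreign-process access rather than on the files being touched at all.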