Telegram Exploit Used to Mine Monero and Zcash

Hackers used right-to-left override to mine crypto on victims' computers and to install spyware
14 February 2018

Kaspersky Lab specialists discovered a vulnerability in the Telegram client for Windows that hackers had been using since March 2017 to mine cryptocurrency and install spyware. Up to 1 thousand people may have been affected, according to Kommersant.

According to the experts, the vulnerability allowed an RLO (right-to-left override) attack, in which attackers changed the order of characters in a file's name and extension. As a result, the victim downloaded malicious software disguised as, for example, an image, and launched it themselves, unaware that it was an executable file. This allowed cybercriminals to gain remote access to victims' computers and use their computing power to mine Monero, Zcash, Fantomcoin and other cryptocurrencies.

In addition, the hackers installed spyware on the computers. On the cybercriminals' servers, analysts found archives containing local Telegram caches that the criminals had exfiltrated from victims' devices. Each of them contained, among other things, various user materials in encrypted form: documents, audio and video recordings, and photographs.

The detected artifacts allow us to suggest the Russian origin of the criminals. Some lines in the malicious code were in Russian, and in the "lit" email addresses of intruders appeared Russian words and names.

Alexey Firsh
Kaspersky Lab

All recorded attacks took place in Russia and involved only the Windows client. At the same time, Kaspersky Lab's specialists do not rule out that other platforms were also exposed to vulnerabilities.

The developers of the Telegram instant messenger have been notified of the problem, and the vulnerability has already been closed.

Two Mining Pools to Gain 50% of the BCH Hashrate

Media report that Coingeek and BMG Pool are affiliated with odious Australian entrepreneur Craig Wright
18 September 2018

The centralization of Bitcoin Cash mining has reached a new level after just two pools - Coingeek and BMG Pool - established control over more than 50% of the total network hashrate. This was reported by Trustnodes.

Bitcoin Cash Mining Pools

Earlier today, there were also reports that at some points the aggregate capacity of both pools reached 58%.

While BMG Pool directly belongs to the odious Australian entrepreneur Craig Wright, the no less scandalous Calvin Ayre, who maintains close ties with Wright, is considered the nominal owner of Coingeek.

The media believe the current situation does not exclude the possibility of collusion to carry out a 51% attack on the network. In particular, this creates a risk of double-spending of coins, which would in turn force exchanges to increase the number of required transaction confirmations.

At the same time, the current situation is likely to be a demonstration of power by Craig Wright on the eve of the November upgrade of the network. As a result of disagreements between different groups of developers, it is still possible that Bitcoin Cash, which at one time split from bitcoin, will itself be split into two separate chains.

Note that the Bitcoin Cash hashrate as a whole remains at a fairly low level, accounting for less than 8% of Bitcoin's.