Katya Michaels

Bitcoin Mining Malware Distributed Through Telegram App: Kaspersky Lab

Kaspersky Lab reports that Bitcoin mining malware was distributed through the desktop application of widely utilized messaging app Telegram.

Kaspersky Lab, one of the leading cybersecurity and anti-virus software firms, has reported that Bitcoin mining malware was distributed through the desktop application of the widely used messaging app Telegram.

In an official statement, researchers at Kaspersky Lab confirmed that attackers targeting Russian Telegram users distributed the malware as images of kittens that were in fact JavaScript files.

Desktops infected

The files were named as PNG files to trick Telegram users into downloading and running the malware. Once the malware was running on a desktop device, it began to execute several operations, including mining cryptocurrencies like Bitcoin.

“The vulnerability was detected only in the Telegram Windows client, not in mobile apps. Our experts discovered not only its existence but also that attackers were actively using it. Victims’ operating systems should warn them if they are about to run an executable from an unknown source, which ought to set off some alarm bells, but many people click Run without looking at the message,” said the Kaspersky Lab team.

The Kaspersky Lab team further noted that the malware had two payloads, or two distinct operations. The first payload installed a hidden cryptocurrency miner that mined Bitcoin on the computer, slowing down and overheating the device. The second payload allowed hackers to gain full access to the device and execute any operation, such as removing or installing more programs and malware and obtaining sensitive information.

The second payload could have allowed hackers to obtain sensitive financial information such as locally stored cryptocurrency wallet private keys or backup codes.

Disguised files

However, Telegram emphasized that the malware was not distributed because of an internal issue or vulnerability in the Telegram desktop app. The malware was executed only if Telegram users clicked on the JavaScript file disguised as a PNG image. As such, the malware could have been distributed through any other messaging application.

“This is not a real vulnerability on Telegram Desktop, no one can remotely take control of your computer or Telegram unless you open a (malicious) file,” the Telegram team told Reuters.

Malware that targets cryptocurrency wallet users, or that uses desktops to mine cryptocurrencies like Bitcoin, has been in existence since early 2017. In November, a new form of malware circulated around the web that autonomously installed itself on devices and changed Ethereum wallet addresses on the clipboard to a different address.

Ethereum addresses

The malware kept a list of thousands of Ethereum addresses, and once an address was copied to the clipboard by the owner of the device, it autonomously changed the address to an external address, redirecting funds to hackers and developers of the malware.

One victim of the wallet address modifying malware wrote:

[I copied the] Ethereum address from MyEtherWallet, pasted into notepad. It changed it right on the spot. Maybe I didn't copy right? Copy paste again, same address. Maybe my clipboard isn't flushing? Copy other text on the screen and paste, that works copy address again and paste, that same different address appears! Something funky with MyEtherWallet? Open up Firefox, go to my wallet, copy-paste. THAT works fine. This is on my end.

Users of messaging applications have to take additional measures in dealing with attachments and files, to ensure that no malware penetrates into their devices.
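One such measure for the disguised-image case described above is to compare what an attachment's name claims with what the file actually is. The following is an added example, not code from Kaspersky Lab, Telegram or this article; the file names, the extension lists and the sample bytes are constructed assumptions.

```python
from pathlib import PurePath

# Leading bytes that genuine files of each image type start with.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions Windows runs or hands to a script host (illustrative, not exhaustive).
RUNNABLE_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                 ".bat", ".cmd", ".ps1", ".exe", ".scr"}


def audit_attachment(filename: str, head: bytes) -> list:
    """Return findings for one attachment; an empty list means name and content agree.

    filename is the name as received, head is the first bytes of the file.
    """
    findings = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    final_ext = suffixes[-1] if suffixes else ""

    # The extension the operating system acts on is a script or program.
    if final_ext in RUNNABLE_EXTS:
        findings.append(f"runnable extension {final_ext}")
        # An earlier part of the name advertises an image type.
        if any(s in IMAGE_MAGIC for s in suffixes[:-1]):
            findings.append(f"image extension used as decoy before {final_ext}")

    # The name ends in an image extension but the bytes are not that image.
    if final_ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[final_ext]):
        findings.append(f"content does not match {final_ext} signature")
    return findings


def triage(attachments):
    """Map each flagged filename to its findings; clean files are omitted."""
    report = {}
    for name, head in attachments:
        findings = audit_attachment(name, head)
        if findings:
            report[name] = findings
    return report


# Constructed samples: (received file name, first bytes of the file).
PNG_HEAD = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
SAMPLES = [
    ("kitten.png", PNG_HEAD),                            # genuine PNG
    ("kitten.png.js", b"// constructed script text\n"),  # script behind an image name
    ("cat_photo.PNG", b"// constructed script text\n"),  # image name, script bytes
    ("notes.txt", b"plain text"),                        # unrelated file
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(name, "->", "; ".join(findings))
```

A check like this belongs where attachments are received or saved, before the user has the chance to double-click the file.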

Tzao Se

Past ICO Review: Borderline Porn May Help Substratum to Bootstrap

This ICO is a good tech, but are perverts the only ones who are really willing to pay for the freedom of the Internet?

If Silicon Valley’s scriptwriters aren’t secretly paid by the Blockchain community, they should be. Look how many successful ICOs more or less replicate Pied Piper’s idea from the series: you remember that, hosting an insurance company’s critical data on fridges worldwide, a decentralized Internet and so on?

Filecoin. Storj. And Substratum. The last one, a relatively modest player in terms of amount raised (about $13 mln), offers not decentralized file storage, but rather a decentralized hosting and content delivery network, with an integrated cryptocurrency payment platform for the hosted services. This means one can host their content and receive payments for it in a decentralized manner.

Road ahead

Their concept seems to be well thought out, and the white paper anticipates the most obvious questions.

A sort of Tor-meets-AWS thing, where anyone can host a portion of someone else’s content on a node run even on their PC, and earn money every time this content is served to someone. Accessible, unlike Tor, to the uninitiated, from a normal browser, with no plugins or extensions. The $SUB token is used to pay the people who provide CPU time and disk space for the decentralized network.

Screw the establishment! Hail Net Neutrality! Long live the freedom of expression! At this point, Silicon Valley set gradually transforms into Mr. Robot’s. Fade off.

Yeah, right. Well, now shake your head and try to breathe out the hypnotic atmosphere of official Telegram groups; these mostly look like a boys’ band fan club chat.

Make no mistake, Substratum is a good performer, and seemingly good tech. It has a more than decent team. They keep to their roadmap ($SUB people expect the public beta this April). They maintain communication. They didn’t erase their whitepaper after the token sale ended. They don’t change the idea.

There are even rumors that the team intends to run ads on CNN, CNBC and Fox Business News soon (which may, in theory, attract users to the network and/or $SUB buyers). That’s all good, or as good as one can get in a market as immature and untamed as ours.

But how big is the market for the problem they offer to solve? Do they have a chance to become a global operator? Or will Substratum be confined to a niche, as a solution for the gray zone of the Internet? How many people are actually willing to pay for the Internet “to be a free and fair place for the entire world”?

“Your margin is my opportunity”

I’d respectfully disagree with Substratum’s white paper’s authors though when they say that “The primary issue with web hosting in its current form is that is incredibly expensive! It can cost upwards thousands of dollars per month solely to host the site files—this doesn’t include any maintenance costs or additional security. This makes it incredibly difficult for small or medium-sized businesses to have a strong web presence without incurring significant costs.”

Well, a small or medium-sized business normally doesn’t need “a strong web presence” that incurs that kind of costs. If that’s the market they aim for, well…

Substratum’s white paper claims that, since they will charge only per click, not for uptime as AWS does, they’ll be able to reach a level of prices “less expensive than current industry standard hosting.” Larger hosting companies’ margins are pretty high (Rackspace’s EBITDA margin was above 35% before it went private in 2016 and stopped publishing quarterly results, though its NOPAT margin was much lower, about 7.8%), so, as Jeff Bezos said, “your margin is my opportunity.”

Individual nodes won’t have the kind of overheads, taxes, infrastructure or costs of a hosting company, so the assumption of a much lower price is feasible.

Another question is whether node owners would settle for that technically feasible lower price. They don’t have the scale of the large company, so they must be kept motivated.

Imperfections

Notwithstanding that, some users will install a node without commercial interest, to browse Substratum network (like they do in Tor) in a decentralized mode, especially in countries with a high level of Internet censorship and state control. It is unclear whether these non-professional participants will be enough to keep Substratum running. Substratum will install and run several supernodes to maintain the network to address this issue in early stages of network growth, though.

Nor is it clear how many resources one should commit to earn a meaningful income. It will be a function of the number of sites in the network and the traffic to them from the region close to the node. The latter is important because the Substratum protocol attempts to provide data from the geographically closest nodes.

Another possible problem that remains is the volatility of the token, i.e., its susceptibility to price manipulation, so that either hosters’ expenses may increase in an unforeseen manner or, vice versa, nodes’ income may fall. Prolonged periods of token price instability may disrupt the network and make it unreliable. This is true for many projects, of course.

Also, the network architecture may be susceptible to fraud to a certain degree. If the node owner determines what content it stores (nodes aren’t supposed to know that, in Substratum architecture), a fraudulent scheme is imaginable: false bit traffic is generated, which is then “served” by the node, who then claims rewards.

If the node or group of nodes is big enough, it may theoretically accumulate enough content to be selected by Substratum DNS with a high probability, so this kind of spoofing operation is possible.

The Internet is for porn

All good inventions of the human race are first used either for killing fellow humans, or to distribute pornography or prohibited substances. There are almost no exceptions to this rule, and Substratum certainly isn’t one of them.

I am sure that the obvious market for Substratum services, the one that will help it grow in the medium term, will be specialty and fringe online porn, and illegal/fringe pharmacy/drug sales. Anonymous hosting + anonymous content delivery + anonymous payment platform = practically an invitation for porn peddlers and drug dealers.

I am not a moralist, so I see these businesses as acceptable as any other unless someone gets hurt against their will.

Substratum’s team claims that there will be an internal governance procedure that allows obviously malicious players (like child pornography) to be taken down from the network. If that doesn’t happen, the network may attract the unnecessary attention of the state or states.

Many of the Hollywood celebrities were engaged in porn before they became famous. But many others never left porn, and never had the luck to enter the spotlight. What fate awaits Substratum?

The state and the states will be watching Substratum unless it is well-governed from within, or even if it is. But CryptoComes started watching it first. Stay tuned.

Tzao Se

Will ICO of “Most Successful Project of Russian Intelligence” be Affected by Russia’s Ban?

No matter if Telegram persecution is real or “maskirovka,” Russian ban brings little consequences for TON

Following Telegram’s refusal to disclose encryption keys to Russia’s law enforcement agencies, the messenger has been effectively banned in Russia by a court order. The ban will most probably start to be enforced on Monday, April 16 as Russian network operators adjust their settings.

Should Telegram ICO pre-sale investors be worried? What would be the effect of the ban on the upcoming Telegram ICO? Will the ban affect the global ICO community?

In my humble opinion, all answers are outright “no.” Telegram’s ICO will survive the Russian ban without any trouble worthy of the name.

Losing entire Russian user base won’t harm TON

First, Russia’s share of active Telegram users isn’t that great. In January 2017, according to the Russian press, some six percent of the platform users were Russian residents/citizens.

2017 was marked by an explosion of Russian-language Telegram media that compensated for the lack of freedom of expression in Russia and became a cultural phenomenon in a country where all influential media are controlled by the regime.

Expert polls published in March 2018 showed that some 12 percent of Russians used Telegram; that gives us an estimate of some 11 mln active Russian users in Telegram as of March 2018, so the ratio of five to six percent of the total user base being Russian is apparently maintained.

If the ban is 100 percent effective (and that’s a big “if!”), and Telegram loses its entire Russian user base, it won’t affect TON network projections in a significant manner. Telegram is far from being the most popular messenger platform in Russia. After all, Russia’s entire population is less than two percent of the global population.

The ban could be circumvented

Second, the ban is hardly enforceable. Telegram founder Mr. Pavel Durov has already stated that the messenger will use its “built-in mechanisms” to circumvent the block so that most users won’t even have to figure out VPNs or proxies. Also, a spike of interest in internet privacy and anonymity is reported in Russia as a result of the ban, so users will take their own countermeasures, too.

Telegram links with Russia

Third, the ban won’t affect the ICO community worldwide. Telegram has “tens of thousands” of servers worldwide, and it is not incorporated in Russia. It is true that many notable persons of the crypto-scene are Russians, and reside in Russia, and use Telegram, but it is unlikely that they, of all others, would be cut off.

Fourth, the ban won’t affect the Telegram team. Even though Mr. Durov is a Russian citizen, he also holds a second passport of the Caribbean microstate St. Kitts and Nevis and is said to reside in Dubai.

Oligarchs’ dilemma

Fifth, it is hardly possible that “Russian oligarchs” (many wealthy Russian entrepreneurs, including a well-known tech investor Boris Milner, allegedly participated in TON pre-sale) would withdraw from the project. Even if they do, they’d have to sell their digital assets at a loss. It may affect TON exchange rate in the short term, but longer-term consequences would hardly be substantial.

On the contrary, in a bid to protect their investment, these persons of influence may rather broker a deal between Russia’s intelligence services and Telegram, and the ban will be lifted eventually.

The entire persecution may be staged

Finally, there are voices in Russia who openly doubt the validity of the presumed feud between Telegram and the Russian government.

Artemy Lebedev, Russia’s web patriarch, called Telegram “the most successful project of Russian intelligence.”

Mr. Lebedev claimed the entire project might be a honeypot designed by FSB specifically to gather everyone with something to hide in one place - and then watch it.

In January 2018, Mr. Lebedev wrote in his Telegram channel, as quoted by Inc. Magazine Russia:

“I want to shake their hands to congratulate them [Russia’s intelligence services] that they’ve finally managed to create a real, international, non-pathetic product that works, and is not associated with them. I have no doubt whatsoever that EVERYTHING in Telegram is monitored by the people who has a need for that.”

“I am proud of this achievement,” Lebedev goes on. “All they’ve had to do was to fabricate an image of martyr for Telegram’s creator, who voluntarily sold his controlling stake in his previous project and went abroad for good. And yet everybody thinks somehow that he’s persecuted by the FSB. And FSB, with a menacing grimace, fines his service for like 50,000 rubles ($800) two times a year for noncompliance with some line that of subparagraph this of the second footnote of article three of some law.”

The Russian court fined Telegram 800,000 rubles (around $12,000) for refusing to disclose users’ personal details on a subpoena.

Anyway, whether the Telegram persecution is real or staged, it is immaterial to the TON ICO’s prospects: its success will depend on the tech, marketing, and user base. Russia’s ban doesn’t affect any of these significantly.

But we’ll keep watching TON for you anyway.

Brian Kean

5 Main Reasons Why Telegram ICO Can Fail

Telegram has already received pre-orders for $3.8 bln. It thrice surpasses the amount of $1.2 bln, claimed as the aim of TON ICO. But the hype could hide problems that not many are talking about.

Even experts, who are generally skeptical about cryptocurrency, are optimistic about Telegram Open Network (TON). The main argument in favor of the TON ICO is that the company already has more than just a white paper.

But a closer look shows that things are not so obvious.

The most ambitious ICO yet

The ambitiousness of the TON ICO amounts to more than its aim of raising $600 mln in the private sale of tokens alone, to large investors with an average check of $20 mln.

It is worth noting that Telegram has already received pre-orders for $3.8 bln. It thrice surpasses the amount of $1.2 bln, claimed as the aim of TON ICO.

Key concerns are whether the messenger can succeed in building a revolutionary crypto-ecosystem and in implementing conversational commerce in its product as WeChat has done.

2011 failure

Durov failed with his first digital currency in 2011.

Vkontakte, the social network founded by Pavel Durov, shut down its payment system in 2011 due to low demand. Only around one percent of users were spending its internal digital currency on shopping.

Later, in 2014 Durov sold shares in Vkontakte, left Russia and launched encrypted messaging service Telegram.

Will the Telegram Open Network (TON) launch become a successful revanche for Durov?

Green Team

The hardest challenge for the project is its attempt to create, as they call it, a “truly mass-market cryptocurrency.” The Telegram team is led by one of the world’s most talented programmers, Nikolai Durov.

His technological approach to building fast and scalable cryptocurrency transactions seems reasonable, but very multidirectional.

The weak point may be the implementation of this concept, as none of the Telegram team has previous experience in the blockchain industry.

Trailing other messengers

Telegram trails almost all other messengers in the number of monthly active users. But its users are the keenest on transferring money (GlobalWebIndex research).

According to the TON primer white paper, Telegram will reach 200 mln MAU by the end of Q1, 2018.

That means that in audience size it will continue to fall far behind market leaders such as WhatsApp, Viber, WeChat, etc.

It’s only fair to say that despite the low number of its users, Telegram obviously has success with their engagement. According to GlobalWebIndex research, Telegram users are the keenest on transferring money. They are almost twice as likely to do this as users of WhatsApp or Facebook Messenger.

But this is not the major achievement of Durov’s team. Based on security, privacy, and anonymity, Telegram goes beyond a traditional messenger and becomes a new media platform similar to YouTube or Instagram, with its own types of content, opinion leaders and native ads.

The white paper states that Telegram’s public broadcast channels generate over 30 bln views by 80 mln users per month. It is easy to guess that its unofficial advertising turnover probably amounts to millions of dollars.

In this paradigm, the key competitor for Telegram is the centralized app WeChat, owned by Tencent, a company worth $300 bln.

Having tremendous success in China, WeChat has no idea yet on how to expand its audience in the west. A token sale along with the implementation of Blockchain will give Telegram a chance both to raise money and build a reliable ecosystem to compete with WeChat.

US Compliance Uncertainty

SAFT usage is mentioned as "likely," while there can be around two quarters between token sale and distribution.

Legal problems ahead

The legal aspect of the TON ICO and post-ICO expansion is still a question, as it is described in neither the primer white paper nor the media.

Besides these complexities, the TON ecosystem could be limited by Telegram’s modest footprint in the largest markets such as the US, China, Brazil, Japan, India, Indonesia, South Korea, where other messengers’ presence is currently much higher.

Volatility and liquidity

According to market rumors, the line of venture funds wishing to include Telegram in their portfolios is rather long. Kleiner Perkins Caufield & Byers, Benchmark and Sequoia Capital, are among them.

Russian media reported that Telegram has already received pre-orders for $3.8 bln. It thrice surpasses the amount of $1.2 bln, claimed as the aim of TON ICO.

The justification for a strategy of having a closed primary round also seems quite sensible. In both second (public) round and secondary market for tokens, private investors are supposed to be lining up to invest in Telegram since they were unable to do so in the first stage.

This might provide essential liquidity for the asset for those who come in first, i.e. for the funds; this is also perceived as a definite plus in terms of risk management by the investment community.

What else could increase liquidity? 

The Telegram business model enables it to implement a token in the product structure rather efficiently without the need to "drag in" the role of a token in the system, which is typical for projects staging ICOs. The ways to spend the token mentioned in its unofficial white paper look quite specific and narrow, however.

Pros of the TON

We tried to imagine what else the TON could be used for so that an average user could benefit from it.

Online retailers: Many of them already communicate with clients and sell via messengers. The problem is that they have to pay commission to third parties such as banks and payment systems. Instead of paying this fee, retailers could offer better prices or rewards, and acquire more customers in the process. Although, this acquiring approach would still raise lots of questions from regulators.

P2P classifieds: There is always a lack of trust between seller and customer on platforms like eBay. Both sides have to choose between taking a risk or paying a fee for a secure transaction.

Darknet market: Let’s be honest: TON is an ideal ecosystem for illegal retailers, for whom it is essential to communicate and trade anonymously and privately.

Human resources: There is an obvious demand for a common workspace for both freelancers and employers, with easy communication tools and a smart-contract payment system.

Will the largest ICO be reasonable?

Telegram's ICO could become the largest to date and launch a trend of raising funds by issuing tokens among other existing online businesses that do not want to resort to venture capital for various reasons, for example because they want to keep control over most of their business.

The motivation of Telegram that doesn’t have easy access to venture capital is entirely rational. Durov has a strong team and a scalable product already, which is important to investors.

But what works for building social networks may not work for building the platform that figuratively competes with Bitcoin, Ethereum, WeChat and Facebook Messenger at the same time.

Whatever its success, TON will, for sure, make a big splash in the ICO market.

ICORating has not made an official evaluation of TON as its ICO has not been officially announced yet. This is our opinion based on what we know from insiders and open sources. 

Brian Kean, CBDO at ICORating agency