Kirschner says that whoever is running the sites made a few operational security mistakes that shed light on how successful the campaign has been. But one link is swapped out, which is purportedly the executable for the Windows version of Telegram desktop. All of the links on the cloned sites redirect to Telegram's legitimate domain,.
OpSec ErrorsĪll three spoofed sites are clones of Telegram's website. Kirschner has reported the sites to Google. Those are telegramdesktopnet and telegramdesktoporg.
Kirschner, who did a technical write-up on his site, Suid Vulnerability Research, took an in-depth look at the campaign, which involved three domains spoofing Telegram.Īlthough visiting one of those sites, telegramdesktopcom, now triggers a warning from Google's Safe Browsing tool as being unsafe, two of the sites are still active and presumably duping others. Here is Kirschner's screenshot of the malicious Google ad, which showed up second in a search result. Google patrols its advertising ecosystem to stop abuse, but malvertising remains a persistent problem. It's a common ploy for malware distributors to use the same advertising tools that online merchants use to lure people. It was convincing enough at first glance that Kirschner says he "almost fell for it myself." The second Google result, an advertisement, led him straight to malware disguised as the desktop version of Telegram for Windows. See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources Jannis Kirschner, an independent security researcher based in Basel, Switzerland, searched on Sunday for the desktop version of the popular messaging application Telegram. An illustration of the desktop version of Telegram.
0 kommentar(er)
