Telegram Founder: Crypto Mining Malware Attack Isn't Due to App Flaw

A cybersecurity firm says Telegram has been exploited for crypto mining by hackers, but the messaging app's founder says it is not to blame.

AccessTimeIconFeb 13, 2018 at 7:00 p.m. UTC
Updated Sep 13, 2021 at 7:34 a.m. UTC
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

Russian cybersecurity firm Kaspersky Lab reported today that a vulnerability in Telegram's messaging app had been exploited to turn desktop computers into unwitting crypto-miners – a claim that the firm's founder is pushing back against.

The cyberattacks were uncovered by Kaspersky Lab, a global cybersecurity software provider, who reports that the covert mining operations have been underway since March of 2017. Kaspersky said that the attacks were possible because of a zero-day vulnerability.

"We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year," Alexey Firsh, a Kaspersky Lab analyst said in a statement today.

Yet Pavel Durov, who founded the popular messaging app, has taken to his own Telegram channel in order to downplay the report.

"As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media," he said. He went on to claim that what Kaspersky had uncovered was not a "real vulnerability on Telegram Desktop," and that cybercriminals could not access users' computers without them first opening a malicious file.

"So don't worry," he told the channel, "Unless you opened a malicius [sic] file, you have always been safe."

Cybercriminals reportedly used the malware to garner monero, zcash and fantomcoin, among other cryptocurrencies, per Kaspersky's report. The firm says evidence indicates that the malware has Russian origins, and notes that, in some cases, it is used as a backdoor through which hackers can silently control a computer. In the course of analyzing malicious servers, Kaspersky also said it found "archives containing a Telegram local cache that had been stolen from victims."

As the profits associated with mining have increased, mining malware has become more common.

CoinDesk reported yesterday that more than 4,000 U.K websites, including government sites, had been infected with mining malware, prompting the U.K. Information Commissioner's Office to take down its website. Likewise, in another significant case last month, it was discovered that Google's DoubleClick ad services were hijacked to distribute mining malware on prominent sites like YouTube. This has put additional pressure on developers to ensure user safety.

Image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.