End-to-end encrypted instant messaging service Telegram is very popular among those who want to secure their conversations and avoid personal data leakage. The popularity of this application was boosted considerably after the recent Facebook data scandal – many users are looking for other ways to communicate online and do it privately, without having to worry about someone spying on them.
While Telegram might be the most popular alternative for instant messaging, this cross-platform tool is not flawless either. There are versions of Telegram for the most common devices and operating systems – it runs on iOS, Android, Windows Phone, macOS and Windows/Linux, and there is also a basic web application accessible directly from any web browser.
According to the official Telegram website, the service already has 200,000,000 monthly active users, and the number is rising. However, the tool that is meant to be the most secure way to communicate is not that secure after all. That is because of the Telegrab malware, which comes from Russia and targets the Telegram desktop application for Windows.
Weak Desktop Version
The Telegram mobile application and web service seem to be much stronger security-wise than the desktop version. The “Secret Chats” feature is non-existent on desktop, and the default settings are pretty weak. So basically, the Telegrab virus is simply exploiting the weakest link in Telegram’s network of services – that is not much of a fault of the Telegram developers. Nonetheless, it is a problem when it comes to communication – every user downloading the desktop version of Telegram expects the same features as those offered by the mobile applications or the web service.
The cybercriminal (or criminals) from Russia who developed Telegrab are mostly targeting users in Russia. Yet that does not mean that users from other countries can’t be affected. This malware was first noticed on 4 April 2018, and a new version of the virus appeared on 10 April 2018. Surprisingly, the author of this virus is pretty open about it and even demonstrates how to open the data collected from Telegram in a video uploaded to YouTube.
The first version of Telegrab was able to steal text files, cookies and browser credentials; the updated version is also capable of collecting data from the Telegram desktop application as well as several other applications (such as Steam). That means Telegrab poses a threat to various data stored on your computer or in your web browser, but its main target remains the Telegram desktop application.
How can TeleGrab infect your computer?
Even if you do not use the Telegram software or do not speak Russian, TeleGrab can still infect your computer, since it is capable of stealing other data as well. It is mostly distributed through downloaders, which are written in 3 different programming languages – Go, Python and AutoIT.
The files of Telegrab arrive as a single .RAR file that is automatically extracted. After that, the virus automatically starts scanning your system for the information it needs. It can also drop additional files on your computer, such as “dpapi.exe” or “enotproject.exe”. These are used to harvest data from specific applications that you use.
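The infection chain described above (a self-extracting archive, then dropped helper executables) leaves traces in process-creation logs, so one practical way to check a machine is to triage those logs for the dropped file names the article mentions. The following is an added example written for this page, not code from the article or from any security vendor: it parses a constructed, Sysmon-like “Key=Value” process log, flags any process whose image name is “dpapi.exe” or “enotproject.exe”, and, as a second heuristic that is an assumption of this example rather than something the article states, flags executables launched directly out of an archive extraction folder under the user’s Temp directory. The sample log lines, paths and parent processes are all constructed.

```python
"""
Added example: triage of process-creation records for the TeleGrab
dropper behaviour described in the article. Not the article's code.
"""
import ntpath  # Windows path handling that also works on non-Windows hosts
import re

# Dropped-file names taken from the article. Compared case-insensitively
# because Windows file names are case-insensitive.
SUSPECT_IMAGES = {"dpapi.exe", "enotproject.exe"}

# Heuristic (assumption of this example, not from the article): an
# executable started from an archive extraction folder inside Temp.
ARCHIVE_TEMP_DIR = re.compile(r"\\temp\\rar\$", re.IGNORECASE)

# Constructed sample records in a simplified, Sysmon-like layout.
SAMPLE_LOG = r"""
Image=C:\Windows\System32\svchost.exe ParentImage=C:\Windows\System32\services.exe
Image=C:\Users\alice\AppData\Local\Temp\Rar$EXa0.123\dpapi.exe ParentImage=C:\Program Files\WinRAR\WinRAR.exe
Image=C:\Users\alice\Downloads\enotproject.exe ParentImage=C:\Windows\explorer.exe
Image=C:\Program Files\Telegram Desktop\Telegram.exe ParentImage=C:\Windows\explorer.exe
"""


def parse_record(line):
    """Split one 'Key=Value Key=Value' record into a dict.

    Values may contain spaces (e.g. 'Program Files'), so a value runs
    until the next ' Key=' token or the end of the line.
    """
    fields = {}
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", line.strip()):
        fields[m.group(1)] = m.group(2).strip()
    return fields


def image_name(path):
    """Return the lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def assess(record):
    """Return a list of reasons this record looks like TeleGrab activity."""
    reasons = []
    image = record.get("Image", "")
    name = image_name(image)
    if name in SUSPECT_IMAGES:
        reasons.append("dropped TeleGrab component name: " + name)
    if ARCHIVE_TEMP_DIR.search(image):
        reasons.append("executable launched from an archive extraction folder")
    return reasons


def triage(log_text):
    """Scan every non-empty record and return (image path, reasons) hits."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_record(line)
        reasons = assess(record)
        if reasons:
            findings.append((record.get("Image", ""), reasons))
    return findings


if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_LOG):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample, the two dropped executables are reported and the legitimate svchost.exe and Telegram.exe lines are not. A name match alone is a weak signal on its own (any file can be renamed), which is why a second behavioural clue such as the launch location is worth recording alongside it before acting on a hit.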
Unlike ransomware, which takes your data hostage and then asks for a ransom to give it back to you, Telegrab won’t ask you for anything and won’t even inform you that your computer is infected. That makes removal of this infection complicated, because in order to remove it you have to be aware of its existence in the first place.
Nonetheless, the data stolen from you can be sold on the deep web, or the Telegrab virus might bring other infections onto your computer, so it obviously needs to be removed.
Since it is categorised as malware and is well known in the cyber security world, Telegrab is already included in the blacklists used by anti-malware software, so obviously the best way to get rid of it is to scan your computer with Spyhunter. This program will be able to detect and get rid of the infection instantly. It will also protect your computer from similar viruses in the future, so it is worth keeping it installed.
Automatic Malware removal tools