A vulnerability has been discovered in Telegram Web. For more information visit our blog: http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
This vulnerability, if exploited, would allow attackers to completely take over users’ accounts on any browser, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more. This means that attackers could potentially download photos and or post them online, send messages on the victim’s behalf, demand ransom, and even take over the victim’s friends’ accounts.
The exploitation of this vulnerability starts with the attacker sending an innocent looking file to the victim, which contains malicious code. The file can be modified to contain attractive content and raise the chances a user will open it. Once the user clicks to open it, the malicious file allows the attacker to access Telegram’s local storage, where user data is stored. From that point, the attacker can gain full access to the user’s account and account data. The attacker can then send the malicious file to the all victim’s contacts, opening a dangerous door to a potentially widespread attack over the Telegram network.
Link to tech details: http://blog.checkpoint.com/wp-content/uploads/2017/03/Technical-Details.docx