Claims about Malicious Telegram Links with Automated Media Access Disavowed by App

The CertiK team believes that threat actors can abuse the auto-download feature, commonly used by the messaging app's users for photos, videos, and other files, to facilitate Telegram scams

A person listening to music surrounded by media files
Telegram scams can indeed exploit automated downloads of media files to distribute dangerous malware to victims' devices

Yesterday, the Web3 cybersecurity team at CertiK warned the community about a potential vulnerability in the popular encrypted messaging service Telegram. CertiK has classified this vulnerability as "high-risk" due to its capability to inflict significant damage. The blockchain security firm is especially concerned about users of the desktop application, who may be targeted by threat actors involved in Telegram scams.

The CertiK team suspects that the vulnerability may be of the Remote Code Execution (RCE) type, which could give cybercriminals control over a victim’s system, enabling them to execute commands remotely. Such a vulnerability can facilitate the distribution of various types of malware, potentially leading to the theft of sensitive information, takeover of cryptocurrency wallets, or installation of cryptocurrency miners, all without the knowledge or consent of the device owners.

Read also: Crypto Phishing Thefts Soar to $71 Million in March, Affecting Amost 78,000 Victims

"This issue exposes users to malicious attacks through specially crafted media files, such as images or videos," explains CertiK, providing more details on the tactics that can exploit the vulnerability it has identified. Some of the X users reported that a similar vulnerability was previously discovered in the Signal messaging application.

The team shared instructions to disable the feature triggering automated downloads with its X followers.

Disabling auto-download feature on Telegram
Source: CertiK

CertiK advises users to open the Telegram app and navigate to the Settings menu. From there, users should select "Advanced" and find the "Automatic Media Download" section. Within this section, options for "Photos," "Videos," and "Files" can be found. CertiK recommends disabling auto-download for each media type across all chat categories, including Private chats, groups, and channels.

CertiK's warning has sparked debate within the community. While some users, including those from Airdropcrews, claimed to have experienced malware installations due to automatically downloaded files and photos, others argued that the auto-download feature is harmless unless the malicious files are opened. Additionally, X user Sominemo pointed out that CertiK's provided screenshot was for MacOS, not Telegram Desktop, which is purported to have the vulnerability.

Moreover, some Telegram users are hesitant to disable the auto-download feature despite the risk of Telegram scams, as manually downloading files can be rather time-consuming.

Read also: Trojan Spyware, RiskTools, and Adware: Major Mobile Threats to Crypto Users

Meanwhile, Telegram has responded to the news regarding the potential vulnerability in the application. "We cannot confirm the existence of such a vulnerability," Telegram refuted CertiK's claims, inviting both Telegram users and cybersecurity specialists to report any known vulnerabilities to the Telegram Bug Bounty Program, which has been maintained since 2014.

The Telegram Bug Bounty Program provides an opportunity for security researchers to enhance the platform's safety and integrity while earning financial rewards. These rewards vary based on the severity of the identified issue, ranging from $100 to potentially $100,000 or more for critical vulnerabilities. Telegram encourages researchers to submit information about discovered vulnerabilities to