CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users

Author
Jimmy Aki

Blockchain security platform CertiK uncovered a Telegram vulnerability on April 9 that allows hackers to deploy a remote code execution (RCE) attack through “specially crafted media files, such as images or videos.”

CertiK’s Discovery Reveals Telegram Vulnerability

CertiK raised the alarm in an X post, describing the RCE attack as a “high-risk vulnerability in the wild.” An RCE vulnerability allows an attacker to execute arbitrary code on a remote device, which can lead to various levels of damage.

The security firm told the media that the RCE attack affected only Telegram’s desktop version and not its mobile applications, which are not designed to run executable programs.

https://twitter.com/CertiKAlert/status/1777632812700713254

Following CertiK’s discovery, the official Telegram X account countered the claim, arguing that there was no vulnerability in its system and that the issue was likely a fake. Some X users weighed in, stating that the issue was not new to the platform.

This is not the first time that CertiK has reported attacks on Telegram. In October 2023, the blockchain security firm warned users about Telegram bot tokens, which it claimed could be exit scams.

In 2021, a Shielder security research report revealed that the messaging app had suffered a similar remote, media-related attack. It enabled hackers to send modified animated stickers to the Android, iOS, and macOS versions of the application, which would grant them access to media files that people share in all types of chats.

The issues were reported and addressed by the Telegram security team, however.

In May 2023, Google engineer Dan Revah discovered a bug that enabled attackers to activate the camera and microphone on laptops running macOS.

Could the Latest Security Setback Derail Telegram’s Wall Street Listing?

CertiK’s discovery of the Telegram vulnerability coincides with the platform’s announcement of a possible debut on Wall Street.

In March, Telegram CEO Pavel Durov exclusively told the Financial Times that the messaging app was mulling an IPO in the US, following in the footsteps of Reddit, whose stock has captured investors’ interest. With over 900 million users, a preliminary valuation of $90B, and increasing revenues, the social media app is ripe for a public listing.

“Generally speaking, we see value in [an IPO] as a means to democratise access to Telegram’s value,” he explained.

While Telegram’s expansion is evident, one major hurdle it must overcome before venturing onto Wall Street is its ‘dark web’ baggage. Cybersecurity experts have long labeled the app a hotbed for organized criminals.

According to a US cybersecurity magazine report, bad actors use the messaging platform as a marketplace to facilitate illicit transactions and spread extremist content. The platform’s poor reputation and alleged ties to the Kremlin, which Pavel Durov has consistently denied, could be a major talking point for investors.

Despite these drawbacks, Telegram has adopted crypto for in-app ad purchases as part of its user monetization strategy.
