Telegram Bot API Compromised by GoodSender Malware

Forcepoint Security Labs, a research arm of the cybersecurity company Forcepoint, recently reported a vulnerability in the Telegram Bot API. A particular user was able to use the GoodSender malware to intercept certain information exchanged between users via the Telegram Bot API.

The Telegram Bot API does not use the same type of encryption that Telegram uses for its general platform. The Bot API only protects data at the HTTPS layer. Because of this, the Telegram Bot API was left exposed to the GoodSender malware. GoodSender used Telegram as a command and control infrastructure to snoop on messages and retrieve entire message histories.

Affected users may have had their access tokens, chat_ids, current communication, previous communications, passwords, and IP addresses compromised. Upon its discovery, Forcepoint informed Telegram of its finding. Because the Telegram Bot API is not nearly as popular as Telegram's main messaging platform, the report estimates that only 125 users were affected.

Forcepoint suggests users avoid groups and channels which include bots to avoid exposure. Forcepoint's suggestion to Telegram is for the company to utilize its MTProto encryption for the Bot API, as it does for its premier messaging platform. Stay tuned to the Forcepoint report for updates on the vulnerability.
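For defenders, the practical consequence of HTTPS-only protection is that a Bot API request carries the bot token in its URL, so anywhere that URL is logged in the clear the bot in use can be identified. The following is an added example, not code from Forcepoint or Telegram: it scans proxy log lines for Bot API requests and lists which hosts talk to bots the organisation does not run. The log layout, host names, tokens and the approved bot id are constructed, and it assumes a proxy that records full request URLs.

```python
import re
from collections import defaultdict

# Documented request form: https://api.telegram.org/bot<token>/<method>
# Token shape (numeric bot id, colon, secret) is matched loosely: an assumption.
BOT_URL = re.compile(
    r"https://api\.telegram\.org/bot(?P<bot_id>\d+):"
    r"(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Constructed sample lines: "<timestamp> <source host> <verb> <url>".
SAMPLE_LOG = """\
2019-01-17T09:12:01Z ws-041 POST https://api.telegram.org/bot111111111:AAconstructed_token_for_example_001/sendMessage
2019-01-17T09:12:09Z ws-077 POST https://api.telegram.org/bot111111111:AAconstructed_token_for_example_001/sendDocument
2019-01-17T09:13:30Z build-02 POST https://api.telegram.org/bot222222222:AAconstructed_token_for_example_002/sendMessage
2019-01-17T09:14:02Z ws-041 GET https://example.com/index.html
"""


def find_bot_api_calls(log_text):
    """Return one record per Bot API request, with the token secret masked."""
    calls = []
    for line in log_text.splitlines():
        match = BOT_URL.search(line)
        if match is None:
            continue
        host = line.split()[1]
        calls.append({
            "host": host,
            "bot_id": match["bot_id"],
            "method": match["method"],
            # Keep only a short prefix so the log review does not re-leak the token.
            "masked_token": f"{match['bot_id']}:{match['secret'][:4]}...",
        })
    return calls


def hosts_by_unapproved_bot(calls, approved_bot_ids=frozenset()):
    """Map each bot id not run by the organisation to the hosts that called it."""
    seen = defaultdict(set)
    for call in calls:
        if call["bot_id"] not in approved_bot_ids:
            seen[call["bot_id"]].add(call["host"])
    return {bot_id: sorted(hosts) for bot_id, hosts in seen.items()}


if __name__ == "__main__":
    calls = find_bot_api_calls(SAMPLE_LOG)
    print(hosts_by_unapproved_bot(calls, approved_bot_ids={"222222222"}))
```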
