In a concerning development, blockchain security firm CertiK has discovered a “high-risk Telegram vulnerability” in the popular messaging app Telegram, potentially allowing hackers to execute remote code execution (RCE) attacks.
CertiK outlined that the Telegram vulnerability centers on the way the desktop app processes media files. Attackers could craft malicious images or videos and potentially gain the ability to run code on a target’s machine.
According to the CertiK team, disabling the automatic downloading of media files on Telegram Desktop is a crucial step in safeguarding against potential RCE attacks.
To mitigate this Telegram vulnerability, users should check their Telegram Desktop configuration and disable the auto-download feature. This can be done by navigating to the “Settings” menu and tapping on “Advanced.”
Crypto Scams and Exploits Plague March 2024 – CertiK Report
CertiK’s March analysis revealed a significant decrease in losses to cyber-attacks compared to the previous month. The total loss of approximately $79 million marks a 48% reduction from February. Phishing was the predominant method, resulting in roughly $21 million in losses.
Exit scams accounted for about $5.7 million, while flash loan attacks and other exploits reached $21.9 million and $52.1 million, respectively. However, around $69.2 million was recovered, indicating some resilience against such incidents.
The most substantial financial damage was inflicted by exploits, totaling $52.1 million. Flash loan attacks followed, with a tally of $21.9 million. Exit scams, though less frequent, still posed a significant threat, amounting to losses of approximately $5.7 million.
Prisma Finance topped the list of flash loan attacks, suffering a staggering $12.362 million loss. Moving to exploits, NFPrompt witnessed the most significant breach, with a $10 million loss. Finally, in the realm of exit scams, OrdzIK led the way, with funds amounting to $1.474 million reportedly swindled.
