Threat Actor: Unknown | Unknown
Victim: Telegram | Telegram
Price: $25,000 (negotiable)
Exfiltrated Data Type: Not specified
Additional Information:
- The threat actor is selling an exploit for a serious security vulnerability in Telegram’s desktop versions.
- The vulnerability allows for remote code execution (RCE) attacks and potential takeover of the entire device.
- The buyer will receive exclusive rights to the exploit, exploit source code, and documentation on how it works.
- The asking price for the exploit is $25,000, with room for negotiation.
- The authenticity of the sold exploit is questionable due to the threat actor’s new presence on the forum and lack of previous sharing.
- Telegram users are advised to exercise caution, update their security measures, and avoid opening messages from unknown sources.
- Zero-click attacks are dangerous tactics that exploit vulnerabilities in the target device to gain remote control without user interaction.
A threat actor alleging to of a serious security vulnerability on the popular messaging platform Telegram. This vulnerability, which affects Telegram’s desktop versions, enables remote code execution (RCE) attacks. The attacker claims that with the Zero-click attack, they can take over the entire device. The buyer will get exclusive rights on the exploit, exploit source code and documentation on how the exploit work. The asking price for this tool / exploit stands at $25,000, with room for negotiation. The actor’s new presence on the forum and lack of previous sharing raise doubts about the authenticity of the sold exploit.
Following the revelation of the attack, Telegram users have been advised to exercise caution and update their security measures. Security experts recommend users to download and install updates and avoid opening messages from unknown sources.
Zero-click attacks are a dangerous tactic that do not require user interaction and exploit vulnerabilities in the target device to allow attackers to gain remote control.
Original Source: https://dailydarkweb.net/threat-actor-allegedly-selling-zero-click-rce-exploit-targeting-desktop-telegram-versions/