A threat actor alleging to of a serious security vulnerability on the popular messaging platform Telegram. This vulnerability, which affects Telegram’s desktop versions, enables remote code execution (RCE) attacks. The attacker claims that with the Zero-click attack, they can take over the entire device. The buyer will get exclusive rights on the exploit, exploit source code and documentation on how the exploit work. The asking price for this tool / exploit stands at $25,000, with room for negotiation. The actor’s new presence on the forum and lack of previous sharing raise doubts about the authenticity of the sold exploit.
Following the revelation of the attack, Telegram users have been advised to exercise caution and update their security measures. Security experts recommend users to download and install updates and avoid opening messages from unknown sources.
Zero-click attacks are a dangerous tactic that do not require user interaction and exploit vulnerabilities in the target device to allow attackers to gain remote control.