Google engineer Dan Reva has discovered a vulnerability in Telegram for macOS that allows attackers to use the laptop’s camera and microphone.

The vulnerability allows to inject a dynamic library (Dylib) with a malicious exploit into Telegram on macOS. With it, attackers will be able to record video from a camera with sound and save the file to a hidden folder on a Mac. Moreover, video and audio recording will work even if the corresponding permissions are disabled.

This is possible because Telegram for macOS does not use Apple’s built-in Hardened Runtime security mechanism.

Reva reported this issue to the Telegram team in February 2022. But the developers did not get in touch and still have not eliminated the vulnerability.

Kaspersky Lab has discovered and studied a non-trivial cyber incident. The attackers managed to steal 1.33 bitcoins from a hardware wallet (at the time of the study, in the amount of $29,585). Moreover, the theft took place when the device, disconnected from the Internet, was in the owner’s safe.

According to experts, hardware wallets are considered a safer way to store digital assets than software “hot” wallets, since they need to connect separate USB devices to a computer to send cryptocurrency or interact with decentralized financial protocols.

To steal, the attackers had to physically open the device in advance, as well as make changes to the original firmware of the bootloader and the wallet itself. Externally, the hacked crypto wallet worked as usual, but the cybercriminals had already gained full control over it. The Lab said:

Instead of ultrasonic welding, the halves of the wallet were filled with glue and fastened with double-sided tape. In addition, another microcontroller with modified firmware and bootloader was installed instead of the original one. Thus, it turned out that the victim bought a hardware wallet that was already infected, and at the time of purchase, the factory packaging and holographic stickers looked intact and did not arouse suspicion.

The attackers removed the control of protective mechanisms from the firmware. Also, at the initialization stage or when resetting the wallet, a randomly generated seed phrase was replaced with one of 20 pre-created and saved in the fraudulent firmware. Thirdly, if the owner set an additional password to protect the master key, only its first character was used. Thus, in order to pick up the key to a particular fake wallet, the attackers had to go through a total of 1280 options.

Stanislav Golovanov, cybersecurity expert at Kaspersky Lab, explained:

Although hardware wallets are considered one of the safest ways to store cryptocurrencies, attackers have found a way to hack them by selling infected or fake devices. Such attacks can be avoided. We strongly recommend purchasing such devices only from official and trusted sources in order to minimize the risks.

Microsoft has announced that Windows 10 22H2 will be the last version for this operating system. No more major OS updates.

Microsoft will continue to support Windows 10 with monthly security updates until October 14, 2025, after which support will end completely. The exception will be some releases in the Long Term Service Channel or LTSC.

Of course, against this background, the company recommends switching to Windows 11.

We strongly recommend that you upgrade to Windows 11 now as there will be no additional feature updates for Windows 10. If you and/or your organization must use Windows 10 for now, please upgrade to Windows 10 version 22H2 to continue receiving monthly security updates through October 14, 2025