I think web.telegram.org has been hacked.

[U.A]

When I try to open the web.telegram.org page,
HEUR:Trojan.Script.Miner.gen is attempting to infect my computer with malware.

[harlan4096]

Welcome to Kaspersky Community.

 

Please provide versions of K. product installed.

 

Also, post a capture with the details of the detection.

 

I can't reproduce the detection here 🤔 neither in my Kaspersky nor in VirusTotal service.

[SeveroXX]

HI,

it happened the same to me and others, here is the reddit post form yesterday.

Any official information about this?

 

Thanks!

[harlan4096]

I use Telegram Web daily and not getting any detection 🤔🤷‍♂️ using this link: Telegram but once I open it in my FireFox it changes automatically to https://web.telegram.org/k/

 

 

 

 

[Berny]

↓ Same redirection to 'web.telegram.org' here ↓

Spoiler

 

 

 

[U.A]

Type: Trojan
Name: HEUR:Trojan.Script.Miner.gen
Precision: Heuristic analysis
Threat level: High
Object type: File
Object name: 3640.61daa6ed9a8f1e122076.js
Object path: https : //web.telegram.0rg/a/

Malware Links :

change the 0rg to org in address

https: // web.telegram.0rg/a/3640.61daa6ed9a8f1e122076.js
https: // web.archive.0rg/web/20250604202003if_/https://web.telegram.0rg/a/3640.61daa6ed9a8f1e122076.js

[Berny]

Domain '.org' vs '.0rg' 🤔

[harlan4096]

Exactly, that URL is not the same, that one has a "zero" number instead of the letter "o". So those URLs with .0rg are fake, and they are correctly flagged as malware!

[U.A]

I know it's spam, but I wrote it that way so that others wouldn't automatically click on it 🙂
The malicious JS file was on the official website.
I wrote the malicious file as .0rg so that it wouldn't harm others.

i said before
change the 0rg to org in address

Edited 15 hours ago by U.A

[Berny]

The report for both URLs with domain ‘.org’ is clean on Kaspersky Open Tip 🤔

https://opentip.kaspersky.com/?tab=lookup