Hackers Exploit 'Telegram Messenger' Zero-Day Flaw To Spread Malware

A zero-day vulnerability has been discovered in the desktop version of the end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash.

The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of the Telegram messaging software.

The flaw has been actively exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or served as a backdoor for attackers to remotely control the affected machine, according to a blog post on Securelist.

Here's How Telegram Vulnerability Works


The vulnerability resides in the way the Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for languages that are written from right to left, like Arabic or Hebrew.

According to Kaspersky Lab, the malware creators used a hidden RLO Unicode character in the file name that reversed the order of the characters, thus renaming the file itself, and sent it to Telegram users.

For example, when an attacker sends a file named "photo_high_re*U+202E*gnp.js" in a message to a Telegram user, the file's name is rendered on the user's screen with the last part flipped.

Therefore, the Telegram user will see an incoming PNG image file (as shown in the image below) instead of a JavaScript file, and is misled into downloading malicious files disguised as the image.

"As a result, users downloaded hidden malware which was then installed on their computers," Kaspersky says in its press release published today.

Kaspersky Lab reported the vulnerability to Telegram and the company has since patched the vulnerability in its products, as the Russian security firm said: "at the time of publication, the zero-day flaw has not since been observed in messenger's products."

Hackers Used Telegram to Infect PCs with Cryptocurrency Miners

During the analysis, Kaspersky researchers found several scenarios of zero-day exploitation in the wild by threat actors. Primarily, the flaw was actively exploited to deliver cryptocurrency mining malware, which uses the victim's PC computing power to mine different types of cryptocurrency including Monero, Zcash, Fantomcoin, and others.

While analyzing the servers of malicious actors, the researchers also found archives containing a Telegram local cache that had been stolen from victims.

In another case, cybercriminals successfully exploited the vulnerability to install a backdoor trojan that used the Telegram API as a command and control protocol, allowing hackers to gain remote access to the victim's computer.

"After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools," the firm added.

Firsh believes the zero-day vulnerability was exploited only by Russian cybercriminals, as "all the exploitation cases that [the researchers] detected occurring in Russia," and a lot of artifacts pointed towards Russian cybercriminals.

The best way to protect yourself from such attacks is not to download or open files from unknown or untrusted sources.

The security firm also recommended that users avoid sharing any sensitive personal information in messaging apps and make sure to have good antivirus software from a reliable company installed on their systems.