Kaspersky Lab has revealed that in October 2017, they discovered a flaw in Telegram Messenger's Windows desktop client that was being exploited "in the wild". According to Kaspersky, the flaw has allegedly been exploited by Russian cybercriminals in a cryptomining campaign.
The Telegram vulnerability involves the use of an RLO (right-to-left override) attack when the user sends a file through the messenger.
The RLO Unicode character is primarily used for encoding languages that are written right-to-left, such as Hebrew or Arabic, but hackers can use it to trick users into downloading malicious files. When an app is vulnerable to this attack, it will display a filename incompletely or in reverse.
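A defender-side check for the filename trick described above, as an added example that is not code from Kaspersky or Telegram: it flags Unicode directional control characters in a filename and compares the extension a user would see with the one the operating system acts on. The function names, the simplified rendering model and the sample filename are assumptions constructed for illustration.

```python
# Unicode directional embedding/override/isolate controls. Ordinary Hebrew or
# Arabic names do not need these, so their presence in a filename is a red flag.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def extension(name):
    """Text after the last dot, in the order the characters are stored."""
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def approximate_display(name):
    """Simplified rendering model (assumption): everything after the first
    U+202E is drawn reversed. This is not a full Unicode bidi implementation."""
    head, rlo, tail = name.partition("\u202e")
    return head + tail[::-1] if rlo else name


def inspect_filename(name):
    """Report directional controls and any mismatch between the shown and
    the real extension, plus safe forms for logging and display."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name)
                if c in BIDI_CONTROLS]
    shown = approximate_display(name)
    return {
        "controls": controls,
        "real_ext": extension(name),
        "shown": shown,
        "shown_ext": extension(shown),
        "suspicious": bool(controls),
        # Escaped form makes the hidden character visible in logs and alerts.
        "escaped": name.encode("unicode_escape").decode("ascii"),
        # Stripped form is safe to render in a file-transfer prompt.
        "sanitized": "".join(c for c in name if c not in BIDI_CONTROLS),
    }


if __name__ == "__main__":
    # Constructed sample: stored as an .exe, rendered so it appears to be a .jpg.
    for sample in ("holiday_\u202egpj.exe", "notes.txt"):
        print(inspect_filename(sample))
```
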
Kaspersky has said that it seems that only Russian cybercriminals were aware of this flaw and were exploiting it, not to spread ransomware but cryptomining malware.
The attacks enabled cybercriminals not only to spread the cryptomining malware but also to install a backdoor to remotely control victims' computers.
“We don’t have exact data about how long and which versions of the Telegram products were affected by the vulnerability. What we do know is that its exploitation in Windows clients began in March 2017,” read the report Kaspersky published on the flaw.
In the report, Alexey Firsh, cyberthreat researcher at Kaspersky, has outlined several scenarios that show how the vulnerability was actually exploited.
He also wrote that Telegram was informed of this flaw and it no longer occurs in their products.