Telegram - exploited by hackers to mine cryptocurrencies

in telegram •  7 years ago 

Telegram is a secure chat application, at least when you want to have a private conversation. But it was not really secure against hackers.


Kaspersky Lab researchers have discovered attacks using a new type of malware that exploits a zero-day vulnerability in the Telegram desktop application. The vulnerability has been used to deliver multifunctional malware which, depending on the computer, acts as a backdoor or installs cryptocurrency-mining software.

According to the research, the vulnerability has been actively exploited since March 2017 to mine various cryptocurrencies, including Monero and Zcash. The Telegram zero-day is based on the Unicode RLO ("right-to-left override") character, which is normally used for scripts written from right to left, such as Arabic or Hebrew. Malware authors can also use it to confuse users and make them download malware files disguised as, for example, images.

The attackers used this hidden Unicode character in the file name: it reverses the display order of the characters that follow it, so the file appeared to have a different name and extension than it really had. Users therefore downloaded disguised malware that was then installed on their computers.
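To make the trick concrete from the defender's side, here is an added example (not code from Kaspersky Lab or Telegram) that scans a file name for Unicode bidirectional override characters, approximates what a naive renderer would display, and compares the displayed extension with the one the operating system actually uses. The sample file names are constructed.

```python
# Bidirectional control characters that can change how a name is displayed.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF",
    "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200E": "LRM", "\u200F": "RLM",
}


def displayed_name(name: str) -> str:
    """Approximate a naive renderer: text after an RLO (U+202E) is drawn
    right-to-left until a PDF (U+202C) or the end of the string."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            # Collect the overridden run and emit it reversed.
            j, run = i + 1, []
            while j < len(name) and name[j] != "\u202C":
                if name[j] not in BIDI_CONTROLS:
                    run.append(name[j])
                j += 1
            out.extend(reversed(run))
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1          # other controls are invisible; skip them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """Extension the OS uses: strip bidi controls, take text after the last dot."""
    clean = "".join(c for c in name if c not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[-1].lower() if "." in clean else ""


def analyze(name: str) -> dict:
    """Flag names whose displayed extension differs from the real one."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    shown = displayed_name(name)
    shown_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    actual = real_extension(name)
    return {"bidi_controls": controls, "displayed": shown,
            "displayed_ext": shown_ext, "actual_ext": actual,
            "suspicious": bool(controls) and shown_ext != actual}


if __name__ == "__main__":
    # Constructed sample: displays as "photo_high_resj.png" but is a .js file.
    for n in ["photo_high_re\u202Egnp.js", "holiday.png"]:
        print(repr(n), analyze(n))
```

The same check can be applied to attachment names in a download directory or mail gateway to surface files whose visible extension does not match what will actually execute.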

During the analysis, Kaspersky Lab experts identified several scenarios in which attackers exploited the zero-day vulnerability. First, the vulnerability was used to deliver mining malware. Using the computing power of the victim's PC, the attackers mined various cryptocurrencies, including Monero, Zcash, Fantomcoin and others. Moreover, while analyzing an attacker's server, Kaspersky Lab researchers found archives containing local Telegram caches stolen from the victims.

Secondly, after successful exploitation of the vulnerability, a backdoor was installed that used the Telegram API as its command-and-control protocol, giving the attackers remote access to the victim's computer. After installation it operated silently, allowing the operator to remain hidden on the network and execute various commands, including installing spyware tools. Artifacts discovered during the investigation indicate that the attackers are Russian-speaking.

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.kaspersky.com/about/press-releases/2018_hackers-exploited-telegram-messenger-zero-day-vulnerability
