Telegram instant-messaging application has its pros and cons, but overall, it is a decent program. In the summer of 2017, we wrote an article about fake Telegram-related apps, transmitting spyware to Iranians. Today, the news is pretty similar: a zero-day vulnerability was detected in the desktop version for end-to-end encrypted Telegram. Hackers rushed to exploit the flaw and spread a crypto mining virus (among other things).
Cryptominer spreads thanks to zero-day flaw in Telegram
Alexey Firsh from Kaspersky Lab was the researcher to whom we have to be grateful for the discovery of the zero-day flaw in Telegram. He explained that there is more than one technique cyber criminals can attempt to execute. The most actively exploited strategy was to illegally use Windows computers’ resources for the purpose of generating various types of cryptocurrencies.
While this strategy is regarded as the prevalent, we should also mention a few others. Because of the zero-day vulnerability, crooks could steal Telegram users’ cache or gain remote access to operating systems. The researcher from Kaspersky Lab mentions that the vulnerability was only exploited by Russian cyber criminals. Similar attempts outside of Russia are not currently detected.
The question remains: how exactly did Telegram users became victims? Well, it appears that hackers were tricking people into downloading malicious files (sent to them via Telegram). In addition to this, these cyber attacks were taking since March of 2017. This gave hackers plenty of time to distribute cryptominers to unsuspecting Telegram clients.
The zero-day flaw was found in the technique Telegram uses to handle the RLO (right-toleft override) Unicode character (U+202E). Firsh explained that criminals would hide a RLO character in the file, distributed thru the Telegram messaging app. Thanks to this vulnerability, crooks were able to disguise malicious JavaScript programs under seemingly harmless image or video files.
The vulnerability was fixed
After Kaspersky Lab contacted the representatives of Telegram, the zero-day vulnerability was fixed. Now, you have nothing to worry about when it comes to this specific flaw. However, there are no promises that more vulnerabilities are not going to be detected in Telegram. Actually, all programs occasionally are in need of updates and patches. It is a mystery which other popular app will be the one to battle zero-day vulnerabilities.
It was not that difficult to remain safe during the time when attacks against Telegram were taking place. Experienced surfers should already follow one simple rule: never download unknown files and programs. If you happen to receive a random image or video file, do not hurry to download it. It is very likely that it will turn out to be malicious.
Source: threatpost.com.