Malicious actors are constantly coming up with new ways of exploiting the various cryptocurrencies available to users. Kaspersky Lab researchers just reported a zero-day flaw discovered in the Telegram Desktop app that could be used as an intermediary for hackers wishing to mine Zcash, Fantonmoin, and Monero.
“In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service,” the researchers said in their report.
What Is a Right-to-Left Override Attack?
The special nonprinting right-to-left override (RLO) character is used to reverse the order of the characters that come after that character in the string. In the Unicode character table, it is represented as ‘U+202E’; one area of legitimate use is when typing Arabic text. In an attack, this character can be used to mislead the victim. It is usually used when displaying the name and extension of an executable file: a piece of software vulnerable to this sort of attack will display the filename incompletely or in reverse.
Apparently, the flaw has been leveraged in active attacks since March, 2017. When successfully exploited, the hackers were able to install a backdoor on compromised hosts via the Telegram API as a command and control protocol, meaning that remote access was granted.
Telegram Zero-Day Exploited in Several Ways
What is more troublesome is that researchers found several scenarios of how the Telegram zero-day could be leveraged. In addition to dropping malware and spyware on infected computers, the flaw was also used to deliver mining software. The researchers also believe that there are more ways to build an attack based on the vulnerability.
For now, only Russian cybercriminals were aware of the flaw, as Kaspersky Lab only detected attacks occurring in Russia. The security firm also discovered evidence pointing directly to Russian hackers.
It’s still not known which versions of the Telegram app were affected by the zero-day flaw. What the researchers are certain about is that its exploitation in Windows clients began in March 2017. Telegram developers have been contacted and informed about the problem, and the vulnerability has been fixed in the corresponding products.
Affected users should update their Telegram apps as soon as possible.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: