Hackers exploit the app Telegram Messenger to gain control of Windows users’ computers deliver cryptocurrency mining malware.
Security experts from Alexey Firsh from Kaspersky Lab have found that a desktop version for end-to-end encrypted Telegram messaging app creates zero-day vulnerability to allow hackers to spread malware software and mine cryptocurrencies via affected machines.
The discovery was made last October, but according to Karspersky Lab, the flaw has been actively exploited by hackers since March 2017.
Affected by the malware were only Windows clients of Telegram messaging software. Those Telegram users would be misled into downloading malicious files disguised for example as images. Those files, however, carried a hidden RLO (right-to-left override) Unicode which installed a malware software on the users’ computers and allowed zero-day exploitation in the wild by thread actors. The RLO Unicode is generally used for coding languages that are written from right to left, but the hackers used it to infiltrate computers of Telegram Messenger users.
The malware creators exploited the vulnerability to install a backdoor via the Telegram API on the affected computers. Thus they would remotely command and control a victim’s PC, which would usually provide no signs that it executed different commends and operations dictated by a threat actor.
This zero-day vulnerability has been harmful to users as it has allowed the malware creators to use the victim’s PC computer power to mine cryptocurrencies such as Monero, Zcash, Fantomcoin and others.
The flaw has already been reported to Telegram, which has taken proactive measures to patch the vulnerability in its messenger’s products. In February 2018, the Kaspersky Lab researchers announced that they have indicated Russian origins of the cybercriminals and that the zero-day flaw has not been observed any longer.
It is recommended that users refrain from downloading and opening files and documents from unknown untrusted sources. Besides, they should not share any sensitive personal information via any type of messaging apps as such activities will make them more vulnerable to attacks.
A reliable security software can also significantly reduce the level of vulnerability to possible threads and infections, including malicious mining software.