Telegram Messaging App's Zero-Day Flaw Exploited for Cryptocurrency Mining
It was recently discovered that a zero-day security vulnerability on the popular messaging app Telegram has also been exploited by hackers to mine crypto money.
Kaspersky Lab reported that a group of hackers have been using a zero-day flaw to spread "a new piece of malware" targeting the desktop version of Telegram. The IT security firm learned that the attacks have been going on since March of last year mostly to mine digital currencies such as Monero and Zcash.
In the IT field, the term "zero-day vulnerability" refers to security flaws that have been exploited shortly after they were announced to the general public or sometimes when security researchers have yet to discover them.
Get Our Latest News for FREE
The recently discovered Telegram app breach took advantage of the zero-day flaw "based on the RLO (right-to-left override) Unicode method."
The RLO Unicode is what messaging applications use for people whose languages need to be typed from right to left such as Arabic and Hebrew. However, Kaspersky explained: "Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images."
The report added that a Unicode character had been concealed in the file name that "reversed the order of the characters" and this caused the file's name to change.
As a result, users downloaded hidden malware which was then installed on their computers," Kaspersky shared.
Meanwhile, Kaspersky confirmed that they have alerted Telegram about the issue, and the messaging app company is now observing the issue.
"During their analysis, Kaspersky Lab experts identified several scenarios of zero-day exploitation in the wild by threat actors. Firstly, the vulnerability was exploited to deliver mining malware, which can be significantly harmful to users. By using the victim's PC computing power, cybercriminals have been creating different types of cryptocurrency including Monero, Zcash, Fantomcoin and others," the report said.
Kaspersky Lab has informed Telegram of the said vulnerability, and there has been no sighting of the zero-day flaw in the messenger's products since then.
