A zero-day vulnerability has been discovered in the desktop version of the end-to-end encrypted Telegram messaging app that was being exploited in the wild to spread malware that mines cryptocurrencies such as Monero and ZCash.
The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of the Telegram messaging software.
The flaw has been actively exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or served as a backdoor for attackers to remotely control the affected machine, according to a blog post on Securelist.
Here's How the Telegram Vulnerability Works
The vulnerability resides in the way the Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for encoding text in languages that are written from right to left, like Arabic or Hebrew.
According to Kaspersky Lab, the malware creators used a hidden RLO Unicode character in the file name that reversed the order of the characters, thus renaming the file itself, and sent it to Telegram users.
For example, when an attacker sends a file named "photo_high_re*U+202E*gnp.js" in a message to a Telegram user, the file's name is rendered on the user's screen with the final part flipped.
Therefore, the Telegram user will see an incoming PNG image file (as shown in the image below) instead of a JavaScript file, and is misled into downloading a malicious file disguised as the image.
"As a result, users downloaded hidden malware which was then installed on their computers," Kaspersky says in its press release published today.
Kaspersky Lab reported the vulnerability to Telegram and the company has since patched the vulnerability in its products, as the Russian security firm said: "at the time of publication, the zero-day flaw has not since been observed in messenger's products."
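To make the RLO trick concrete from the defender's side, here is an added example (not Kaspersky's or Telegram's code) that inspects an attachment file name, flags any Unicode bidirectional control characters in it, and compares the extension a user would see on screen with the extension the operating system would actually act on. For the article's own example, "photo_high_re" followed by U+202E and "gnp.js", the displayed form works out to "photo_high_resj.png" while the real extension remains "js". The rendering function is a deliberate simplification of the Unicode bidi algorithm (it only reverses the run after an RLO, up to a PDF or end of string), which is enough for plain ASCII names like this one; the sample names are constructed.

```python
# Added example (not Kaspersky's or Telegram's code): detect Unicode
# bidirectional override characters in an attachment file name and show
# how the displayed extension can differ from the real one.

# Bidi control characters that change how text is laid out on screen.
# U+202E (RLO) is the one described in the article; the rest are listed
# so a filter does not miss the related controls.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def rendered_name(filename: str) -> str:
    """Approximate what a viewer that honours RLO shows for *filename*.

    Text after U+202E is displayed reversed until a matching U+202C (PDF)
    or the end of the string; other bidi controls are invisible, so they
    are dropped. This is a simplification of the Unicode bidi algorithm,
    sufficient for plain ASCII file names like the one in the article.
    """
    out = []
    i = 0
    while i < len(filename):
        ch = filename[i]
        if ch == "\u202e":
            j = i + 1
            run = []
            while j < len(filename) and filename[j] != "\u202c":
                run.append(filename[j])
                j += 1
            out.append("".join(reversed(run)))
            i = j + 1          # skip the PDF terminator if present
        elif ch in BIDI_CONTROLS:
            i += 1             # invisible on screen, nothing to display
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def true_extension(filename: str) -> str:
    """Extension the OS acts on: controls stripped, nothing reordered."""
    return _extension("".join(c for c in filename if c not in BIDI_CONTROLS))


def inspect_filename(filename: str) -> dict:
    """Return what a user would see versus what would actually be opened."""
    controls = [f"U+{ord(c):04X} ({BIDI_CONTROLS[c]})"
                for c in filename if c in BIDI_CONTROLS]
    shown = rendered_name(filename)
    real_ext = true_extension(filename)
    shown_ext = _extension(shown)
    return {
        "displayed_as": shown,
        "displayed_extension": shown_ext,
        "real_extension": real_ext,
        "bidi_controls": controls,
        # Flag any bidi control at all, and any mismatch between what the
        # user sees and what the OS would open.
        "suspicious": bool(controls) or shown_ext != real_ext,
    }


if __name__ == "__main__":
    # Constructed sample names: the article's example and a benign one.
    for name in ("photo_high_re\u202egnp.js", "report.png"):
        print(inspect_filename(name))
```

A messaging client or mail gateway that applied a check like this would reject or visibly mark any attachment name containing bidi controls, which is the mitigation the patch effectively delivers: the user sees the true extension, not the reordered one.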
Hackers Used Telegram to Infect PCs with Cryptocurrency Miners
During the analysis, Kaspersky researchers found several scenarios of zero-day exploitation in the wild by threat actors. Primarily, the flaw was actively exploited to deliver cryptocurrency mining malware, which uses the victim's PC computing power to mine different types of cryptocurrency including Monero, Zcash, Fantomcoin, and others.
While analyzing the servers of malicious actors, the researchers also found archives containing Telegram's local cache that had been stolen from victims.
In another case, cybercriminals successfully exploited the vulnerability to install a backdoor trojan that used the Telegram API as a command and control protocol, allowing hackers to gain remote access to the victim's computer.
"After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools," the firm added.
Firsh believes the zero-day vulnerability was exploited only by Russian cybercriminals, as "all the exploitation cases that [the researchers] detected occurring in Russia," and a lot of artifacts pointed towards Russian cybercriminals.
The best way to protect yourself from such attacks is not to download or open files from unknown or untrusted sources.
The security firm also recommended that users avoid sharing any sensitive personal information in messaging apps and make sure to have good antivirus software from a reliable company installed on their systems.