Kaspersky uncovers Telegram vulnerability that enables malicious crypto-mining

According to security researchers at Kaspersky Lab, who discovered the zero-day flaw and the attacks exploiting it, the hackers began targeting Telegram Windows users in March 2017. Kaspersky said the attacks were only possible because of that zero-day vulnerability.

On Tuesday Kaspersky Lab unveiled a zero-day Telegram vulnerability that was exploited not by nation-state hackers or government spy agencies but by cybercriminals engaged in cryptomining. Telegram for Windows displayed files with names such as "photo_high_regnp.js" as "photo_high_resj.png", giving the appearance of benign image files rather than files that executed code.

The hackers reversed the order of the trailing characters by embedding a disguised Unicode control character in the file name. In a statement posted on a Telegram technical channel, the company said the attack was a form of social engineering that only worked if a user was tricked into downloading an image file.
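The following is an added example, not code from the article or from Kaspersky: it shows how a right-to-left override (U+202E) makes the file name described above render as an image, and gives a defender a check that compares the extension a user sees with the one the operating system will act on. The sample file names are constructed; the rendering function is an approximation of a bidi-unaware display, not the full Unicode bidi algorithm.

```python
import unicodedata

# Unicode bidi classes of the explicit embedding/override/isolate controls.
BIDI_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

# Constructed samples: the first mirrors the article's name, with U+202E
# placed before "gnp.js" so that a naive renderer shows "photo_high_resj.png".
SAMPLE_FILENAMES = ["photo_high_re\u202egnp.js", "holiday.png"]


def bidi_controls(name):
    """Return (index, character name) for every bidi control in the file name."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(name)
            if unicodedata.bidirectional(ch) in BIDI_CLASSES]


def rendered_name(name):
    """Approximate what a user sees: characters after an RLO (U+202E) are
    displayed reversed until a PDF (U+202C); other controls are invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif unicodedata.bidirectional(ch) in BIDI_CLASSES:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def extension(name):
    """Lower-cased extension including the dot, or '' if there is none."""
    parts = name.rsplit(".", 1)
    return "." + parts[1].lower() if len(parts) == 2 else ""


def inspect(name):
    """Flag a file name whose displayed extension differs from its real one."""
    stripped = "".join(ch for ch in name
                       if unicodedata.bidirectional(ch) not in BIDI_CLASSES)
    controls = bidi_controls(name)
    real_ext, shown_ext = extension(stripped), extension(rendered_name(name))
    return {"controls": controls, "real_extension": real_ext,
            "shown_extension": shown_ext,
            "suspicious": bool(controls) or real_ext != shown_ext}
```

In practice, stripping or rejecting any file name that contains these controls at the download boundary is simpler than trying to predict how each client renders them.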

The vulnerability can be used to carry out a variety of attacks against an infected machine. Besides mining, a second use of the exploit was to install a backdoor that gave the attackers remote access to a victim's computer.

This backdoor allows a number of malicious operations, including launching, downloading and deleting files and extracting web browsing history archives.

Interestingly, researchers at Kaspersky Lab noted that all of the commands used are in Russian, and that the malware is written in such a way that further attacks are likely to plague previously infected devices.

In keeping with current trends, the hackers were also using the security hole to install multiple copies of cryptocurrency-mining software that mined Zcash, Fantomcoin and Monero. It is unknown how much has been made from the scheme, but it can prove highly lucrative for cybercriminals.

"The popularity of instant messenger services is incredibly high, and it's extremely important that developers provide proper protection for their users so that they don't become easy targets for criminals", argued the vendor's malware analyst, Alexey Firsh.

Kaspersky discovered mobile malware was stealing WhatsApp messages last month. ZDNet attempted to contact Telegram, but hadn't received a reply at the time of publication.

With such vulnerabilities around, it is not wise to download and open files from untrusted sources, and better still not to share sensitive personal information over instant messengers at all.

"According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method."
