Cyber-Criminals Exploit Zero-Day in Messaging App Telegram

Cryptocurrency
February 15, 2018 by Bitzamp
According to Kaspersky Lab, Russian cyber-criminals have been exploiting a zero-day flaw in the popular messaging service Telegram, allowing them to remotely install malware that could be used as a backdoor or as a means to deliver crypto-mining software.


According to the research, the vulnerability has been actively exploited since March 2017 to deliver cryptocurrency-mining software for currencies including Monero and Zcash.
Researchers believe the Russian cybercriminal group exploiting the zero-day were the only ones aware of the vulnerability and have been using it to distribute malware since March 2017, although it is unknown how long the vulnerability existed before that date.

Attackers used a hidden Unicode character in the file name that reversed the order of the characters that followed it, so that the name shown to the user differed from the file's real name and extension. As a result, users downloaded hidden malware which was then installed on their computers. Kaspersky Lab reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw had not been observed in the messenger's products since.
The RLO (right-to-left override) character is normally used to render languages written from right to left, such as Arabic and Hebrew, but attackers were able to leverage it to alter how a file name was displayed.
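The following is an added example, not code from the article or from Kaspersky Lab: a small Python check that flags file names carrying Unicode bidirectional control characters (the RLO described above is U+202E), strips them to reveal the real extension, and approximates what a display that honours the override would show. The sample file name is constructed for illustration.

```python
import unicodedata

# Unicode bidi controls that can reorder displayed text. U+202E is the
# RIGHT-TO-LEFT OVERRIDE the article refers to as RLO.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # embeddings, overrides, pop
    "\u2066", "\u2067", "\u2068", "\u2069",            # isolates
    "\u200e", "\u200f",                                # LRM / RLM marks
}

def strip_controls(text: str) -> str:
    """Remove every bidi control so the true byte-order name is visible."""
    return "".join(c for c in text if c not in BIDI_CONTROLS)

def rendered_name(name: str) -> str:
    """Approximate how a renderer that honours U+202E shows the name:
    everything after the override (until U+202C or end) is drawn reversed.
    Other controls are ignored in this simplified model."""
    idx = name.find("\u202e")
    if idx == -1:
        return strip_controls(name)
    head, tail = name[:idx], name[idx + 1:]
    end = tail.find("\u202c")
    if end == -1:
        end = len(tail)
    return strip_controls(head + tail[:end][::-1] + tail[end + 1:])

def extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def inspect_filename(name: str) -> dict:
    """Report whether a file name hides its real extension behind bidi controls."""
    found = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
             for c in name if c in BIDI_CONTROLS]
    real = strip_controls(name)
    shown = rendered_name(name)
    return {
        "suspicious": bool(found),
        "controls": found,
        "real_name": real,
        "real_extension": extension(real),
        "displayed_as": shown,
        "displayed_extension": extension(shown),
    }

if __name__ == "__main__":
    # Constructed sample: a JavaScript file dressed up to display as a PNG.
    sample = "photo_high_re\u202egnp.js"
    print(inspect_filename(sample))
```

A file whose displayed extension differs from its real extension is the signal a download filter or mail gateway would act on.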

The attackers were also observed stealing Telegram directories from victims, including their personal communications and the files they sent and received.
The vulnerability can be used to carry out a variety of attacks against an infected machine. One payload distributed this way can be used to take remote control of the machine.
A backdoor that communicates over the Telegram API was installed, giving the attackers remote access to the victim's computer. Once installed, it ran in silent mode, allowing the threat actor to remain unnoticed on the network.

“The popularity of instant messaging services is incredibly high, and it’s very important that developers provide proper protection for their users so that they don’t become easy targets for criminals,” argued the vendor’s malware analyst, Alexey Firsh.

The vulnerability has now been closed after Telegram was notified, but Kaspersky Lab urged users not to download or open unknown files from untrusted sources.
