Vulnerability in the Telegram client for Windows allowed attackers to disseminate malware and mine cryptocurrency - Hitecher

Kaspersky Laboratories, the antivirus company, has reported a 0-day vulnerability in Telegram. The company’s experts discovered that hackers were able to disseminate malware and gain access to the victim’s computer through the official Windows version of the messenger. Users’ files could be under threat, and intruders could install a cryptocurrency miner on the victim’s computer.

The Kaspersky Laboratories experts say the vulnerability made it possible to mount a so-called RLO attack using Telegram bots.

Hackers deceive the victim using the non-printing character RLO (right-to-left override, code point U+202E) of the Unicode standard, which is intended for typesetting Hebrew or Arabic. The character reverses the displayed order of the file name or part of it. For example, a file named photo_high_re*U+202E*gnp.js will be displayed as photo_high_resj.png, and the user will receive malicious code disguised as an ordinary picture.
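A defensive check for the RLO trick described above, as an added example that is not taken from the Kaspersky report or from Telegram's code: it flags file names containing bidirectional control characters and compares the extension a user would see with the real one. The function names are hypothetical, and the rendering is a simplified approximation that handles only RLO runs, not the full Unicode bidirectional algorithm.

```python
import os

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override run
# Embedding, override, isolate and mark characters that can affect display order.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e"
                    "\u2066\u2067\u2068\u2069\u200e\u200f\u061c")


def _strip(text):
    """Drop bidi controls, which are invisible when rendered."""
    return "".join(c for c in text if c not in BIDI_CONTROLS)


def displayed_name(name):
    """Approximate what the user sees: text after RLO (up to PDF) is reversed."""
    head, rlo, tail = name.partition(RLO)
    if not rlo:
        return _strip(name)
    run, _, rest = tail.partition(PDF)
    return _strip(head) + _strip(run)[::-1] + displayed_name(rest)


def visible(name):
    """Make controls explicit, e.g. for logs or a warning dialog."""
    return "".join(f"[U+{ord(c):04X}]" if c in BIDI_CONTROLS else c
                   for c in name)


def check_filename(name):
    """Compare the extension the OS will act on with the one shown on screen."""
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(displayed_name(name))[1].lower()
    has_bidi = any(c in BIDI_CONTROLS for c in name)
    return {
        "has_bidi": has_bidi,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "spoofed": has_bidi and real_ext != shown_ext,
        "safe_label": visible(name),
    }


if __name__ == "__main__":
    # First name is the article's example; the second is a constructed benign one.
    for sample in ["photo_high_re\u202egnp.js", "holiday_photo.png"]:
        print(check_filename(sample))
```

A client or mail gateway can show `safe_label` instead of the raw name, or reject the file outright when `spoofed` is true.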

Several hours after the publication, Telegram’s developers removed the vulnerability.

Pavel Durov, the messenger’s founder, reacted to the Kaspersky Laboratories investigation on his Telegram channel. He urged readers to take a critical look at statements by antivirus companies, which often exaggerate the importance of their words in order to attract attention.

Durov also emphasized that the hacking method Kaspersky Laboratories described cannot be considered a vulnerability, because for the attack to succeed, the user needs to manually confirm the launch of the malware code. He also agreed with the opinion of the Telegram Geeks community that disguising js as png using the RTL symbol is social engineering rather than a hacker attack.

Users who did not open suspicious files and did not allow the launch of suspicious programmes on their computers have certainly remained safe.

Evan Mcbride