Cybersecurity firm, Kaspersky Lab has uncovered a critical zero-day vulnerability in Telegram Messenger that allowed hackers to mine cryptocurrency on the client’s desktop version. The report states that the mining operations could have been underway since March 2017. Due to the vulnerability, hackers have been able to rack up cryptocurrencies such as ZCash, Monero and Fantomcoin among others.
“The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals. We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year. Furthermore, we believe there were other ways to abuse this zero-day vulnerability.” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.
The research firm notes that the vulnerability was based on “RLO (right-to-left override) Unicode method.” It is generally used for coding languages such as Hebrew and Arabic that are written from left to right. It can also be used by malware creators to mislead users to download malicious files, such as images.
Using hidden Unicode character in the file name, attackers were able to reverse the order of characters, while also renaming the file itself. Users ended up downloading hidden malware that was installed on their desktop computers. Hackers used the computing power of victim’s PCs for creating different types of cryptocurrencies.
Kaspersky Lab did report the vulnerability to Telegram and while publishing the report, the security firm did not find the zero-day flaw in the messenger’s products. To keep your PC safe from such vulnerabilities, Kaspersky Lab recommends not to open or download unknown files from untrusted sources. Users should also try and avoid sharing sensitive personal information in instant messages. Lastly, the firm also advices to install a good anti-virus program that can detect such vulnerabilities and protect you from such possible threats.