Hackers exploit a vulnerability in Telegram to deploy malicious software


Researchers at Kaspersky Lab have uncovered attacks in which new malicious software exploits a previously unknown security vulnerability in the Telegram desktop application.

The vulnerability was used to deliver multi-purpose malicious software to users' machines, which could act either as a backdoor or as a tool to deliver mining software, depending on the infected computer.

According to research by specialists at Kaspersky Lab, the vulnerability has been actively exploited since March 2017 for mining digital currencies such as Monero, Zcash and others.



Social messaging has long been an essential part of people's lives online and is designed to make it easier to stay in touch with friends and family. At the same time, however, these services can significantly complicate matters if they suffer a cyberattack.

For example, Kaspersky Lab last month published a research report on advanced malware targeting mobile devices, a Trojan capable of stealing WhatsApp messages.

According to the latest research, experts were able to identify real-world attacks exploiting a previously unknown vulnerability in the desktop version of the Telegram instant messaging application.

The vulnerability found in Telegram, according to the research, lies in the RLO (right-to-left override) Unicode method, which is used when encoding languages written from right to left, such as Arabic.

However, this method can also be used by malware authors to mislead users and get them to download malicious files disguised, for example, as images.

The attackers used a hidden Unicode character in the filename that reversed the order of the characters, so the file appeared under a different name.

As a result, users unknowingly downloaded hidden malicious software that was later installed on their computers.
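A defensive check for the filename trick described above, as an added example that is not from Kaspersky Lab or Telegram: it flags Unicode bidirectional control characters in a filename and compares the extension a user would see with the one the operating system acts on. The function names, the sample filenames and the simplified rendering logic (one RLO run, no full bidi algorithm) are assumptions made for illustration.

```python
import unicodedata

RLO, PDF = "\u202e", "\u202c"
# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", PDF, "\u202d", RLO,   # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",   # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",             # LRM RLM ALM
}

def _ext(name):
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def approx_display(name):
    """Simplified rendering: text after an RLO is shown reversed until PDF or end."""
    out, buf, overriding = [], [], False
    for c in name:
        if c == RLO:
            overriding = True
        elif c == PDF:
            out.append("".join(reversed(buf)))
            buf, overriding = [], False
        elif c in BIDI_CONTROLS:
            continue                      # other controls are invisible
        elif overriding:
            buf.append(c)
        else:
            out.append(c)
    out.append("".join(reversed(buf)))
    return "".join(out)

def inspect_filename(name):
    """Report bidi controls and any gap between shown and stored extension."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    shown = approx_display(name)
    stored = "".join(c for c in name if c not in BIDI_CONTROLS)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "displayed_as": shown,
        "displayed_ext": _ext(shown),
        "real_ext": _ext(stored),         # what the OS uses to pick a handler
        "mismatch": _ext(shown) != _ext(stored),
    }

if __name__ == "__main__":
    # Constructed sample names, not taken from the report.
    for sample in ("holiday.png", "report\u202egnp.js"):
        print(repr(sample), inspect_filename(sample))
```

A receiving application can use the same test to reject or sanitize such names before showing them, so the user sees the stored extension.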

Kaspersky Lab was quick to inform Telegram about the vulnerability, and no exploitation of it has been observed in any of the application's products.

In their analysis, Kaspersky Lab experts identified several scenarios in which attackers exploited the previously unknown vulnerability. In the first, the vulnerability was exploited to deliver malicious mining software, which can cause significant harm to users. Cybercriminals mined different types of digital currencies using the computing power of the victim's device.

Furthermore, when analyzing the servers used by the criminals, Kaspersky Lab researchers found archives containing locally stored Telegram application records that had been stolen from the victims.

The second scenario was the installation of a backdoor after successful exploitation of the vulnerability. The application's API was used as a command-and-control protocol, giving the attackers remote access to the victim's computer.

The backdoor starts silently after installation, allowing the attacker to remain undetected on the network and to execute various commands, including the installation of more spyware. Evidence discovered during the research indicated that the attackers were of Russian origin.

Alexey Firsh, a malware analyst at Kaspersky Lab's attack research department, called on application developers to provide appropriate protection for IM users so that they do not become easy targets for criminals, citing the widespread popularity of these applications. "There have been several scenarios for exploiting this previously unknown vulnerability, in which general malicious software was delivered to victims' devices, as well as mining software for digital currencies, which has become a global trend we have witnessed throughout the world. We believe that there are other ways to exploit this vulnerability."

Kaspersky Lab recommends that you take the following precautions to protect your computer from any infection:

- Do not download and open unrecognized files from untrusted sources
- Avoid sharing sensitive personal information in instant messages
- Install a reliable security solution that detects and protects against all potential threats, including malicious mining software.