If you’ve never heard of Telegram, it’s an instant messaging platform that’s quickly gaining popularity for its emphasis on secure, private chats. In fact, the developers of Telegram are so confident in its security that they’ve announced multiple hacking contests with six-figure bounties. So far, none of the contests has found a winner.
One of the features that makes Telegram so nice to use is the ability to instantly share files with your friends: pictures, Word documents, PDFs, those sorts of things. But what if someone sent you an executable program? Would you run it? Probably not — but what if it looked like a picture, a Word document, or a PDF?
Beginning in March 2017, many unsuspecting users fell victim to a vulnerability in how Telegram handled Unicode, specifically the “right-to-left override” character (RLO). The RLO character is intended to reverse any text that precedes it. In some applications, the RLO is improperly handled and can cause the characters after the RLO to not be displayed. Telegram, however, displays strings with an RLO character correctly. So what’s the big deal?
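As an added example, not code from the original post or from Kaspersky’s write-up, here is a Python check a defender could run over the names of incoming attachments: it flags Unicode bidi control characters and reports the extension a user would see beside the one the operating system acts on, which is the filename disguise the linked Kaspersky report describes. The rendering model is a deliberate simplification of mine (only RLO is modelled, as a reversal of the run that follows U+202E), and the sample filenames are constructed.

```python
# Unicode bidi override/embedding/isolate controls (U+202A-U+202E, U+2066-U+2069).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

def stored_name(name: str) -> str:
    """The name as the filesystem and program loader see it: controls removed."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)

def shown_name(name: str) -> str:
    """Approximate a bidi-aware renderer: text after U+202E (RLO) is shown reversed
    until PDF (U+202C) or end of string; other controls are dropped (not full UBA)."""
    out, i = [], 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            if c not in BIDI_CONTROLS:
                out.append(c)
            i += 1
    return "".join(out)

def extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def inspect_filename(name: str) -> dict:
    """Flag bidi controls in a filename; report the shown vs. stored extension."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    stored, shown = stored_name(name), shown_name(name)
    return {
        "controls": controls,
        "stored_name": stored,
        "shown_name": shown,
        "stored_ext": extension(stored),
        "shown_ext": extension(shown),
        "ext_mismatch": extension(stored) != extension(shown),
        "suspicious": bool(controls),  # any bidi control in a filename deserves a look
    }

if __name__ == "__main__":
    # Constructed sample names, not filenames from the Kaspersky report.
    for sample in ["holiday.png", "report_\u202egnp.js", "invoice\u202efdp.exe"]:
        print(inspect_filename(sample))
```

A gateway or client that rejects, or at least warns on, any attachment name containing one of these controls removes the disguise regardless of how the chat window renders it.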
This exploit was used to install malware such as backdoors and spyware, though some craftier attackers used Telegram to trick people into running cryptominers. Kaspersky Labs uncovered the vulnerability in October 2017, which means it existed for at least 8 months. Kaspersky also noted that this was an increasingly popular exploit in 2017. They allege that the source of the attack was Russian cybercriminals, and that no evidence was found to suggest the exploit was known outside of the Russian cybercriminal community.
Original article: https://www.csoonline.com/article/3254139/security/hackers-exploit-zero-day-flaw-in-telegram-to-mine-cryptocurrency.html
Kaspersky Labs: https://securelist.com/zero-day-vulnerability-in-telegram/83800/
Written by Jesse R.