Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday.
The flaw, which resided in the Windows version of the messaging app, allowed attackers to conceal the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that is normal for many Western languages.
The technique worked by using the special Unicode formatting character *U+202E*, which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as “photo_high_regnp.js” to “photo_high_resj.png,” giving the appearance they were benign image files rather than files that executed code.
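A defender-side check for the file-name trick described above, as an added example that is not from the article or from Telegram or Kaspersky Lab. The sample name is constructed by placing U+202E before "gnp.js", the risky-extension list is an assumed policy, and `rlo_display` is a simplified rendering that handles only a single unterminated override.

```python
import os

# Bidi embedding, override and isolate controls that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}

# Assumed policy list (not from the article): extensions treated as executable.
RISKY_EXTENSIONS = {".js", ".jse", ".vbs", ".exe", ".scr", ".bat", ".cmd", ".lnk"}


def escape_controls(name):
    """Return the name with bidi controls shown as visible <U+XXXX> tokens."""
    return "".join(
        f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch for ch in name
    )


def rlo_display(name):
    """Simplified view of what a user sees: text after one U+202E is reversed."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def inspect_filename(name):
    """Report bidi controls and the extension taken from logical (stored) order."""
    found = sorted({f"U+{ord(ch):04X}" for ch in name if ch in BIDI_CONTROLS})
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stripped)[1].lower()
    return {
        "safe_display": escape_controls(name),
        "bidi_controls": found,
        "real_extension": real_ext,
        "suspicious": bool(found),
        "high_risk": bool(found) and real_ext in RISKY_EXTENSIONS,
    }


# Constructed sample: the article's file name with U+202E placed before "gnp.js".
SAMPLE = "photo_high_re\u202egnp.js"

if __name__ == "__main__":
    print("shown to user:", rlo_display(SAMPLE))
    for name in (SAMPLE, "holiday.png"):
        print(inspect_filename(name))
```

Showing the escaped form and the extension from the stored character order, rather than the rendered name, is what lets a reviewer or a mail or chat gateway see that the file is a script.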
Malware that uses right-to-left formatting dates back to at least 2009. Four years ago, the right-to-left Unicode trick made a reappearance with malware that targeted computers running both Windows and macOS.
Kaspersky Lab said hackers with ties to Russian crime gangs have been exploiting the Telegram vulnerability to install two types of malware on vulnerable computers. One type of malware acted as a persistent backdoor that gave the attackers comprehensive control over the compromised computer. The other malware mined cryptocurrency. It's not clear when Telegram fixed the vulnerability. To be exploited, targets would have to click through a Windows warning similar to the one pictured above. Kaspersky Lab said the flaw affected only the Windows version of the app.