Russian Cyber-Criminals Exploit Zero-Day Flaw in Telegram to Install Malware
Russian cyber-criminals have been taking advantage of a zero-day vulnerability in the popular communication service Telegram, allowing them to remotely install new malware on users’ devices. This malware could potentially be used as a backdoor or to deliver crypto-mining software, as reported by Kaspersky Lab.
Zero-Day Exploitation
The security firm revealed that the zero-day flaw had been actively exploited since March 2017, primarily for mining cryptocurrencies such as Monero and Zcash. The vulnerability was found in the desktop version of the encrypted messaging app and was abused with a technique known as “right-to-left override” (RLO). The technique relies on an invisible Unicode control character that reverses the on-screen order of the characters following it in a file name, so that a malicious JavaScript file is displayed with what looks like a harmless image-file extension and the user is deceived into opening it.
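The following is an added example, not code from Kaspersky Lab or Telegram: it shows in Python how an RLO character changes what a user sees in a file name, and how a defender can flag such names by comparing the displayed extension with the one the operating system will actually use. The sample file names are constructed for illustration.

```python
import os

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the control character behind this trick
# Other Unicode bidirectional controls that can also reorder displayed text.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")


def strip_bidi(name: str) -> str:
    """Return the file name with every bidi control character removed."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def displayed_name(name: str) -> str:
    """Approximate what a user sees: text after the first RLO is drawn reversed.
    A full Unicode bidi implementation is more involved; this suffices to
    show the extension swap."""
    if RLO not in name:
        return strip_bidi(name)
    head, tail = name.split(RLO, 1)
    return strip_bidi(head) + strip_bidi(tail)[::-1]


def real_extension(name: str) -> str:
    """Extension the OS actually uses when the file is opened."""
    return os.path.splitext(strip_bidi(name))[1].lower()


def analyse(name: str) -> dict:
    """Flag names containing bidi controls or whose shown extension differs
    from the real one; either condition is worth blocking or alerting on."""
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    real = real_extension(name)
    return {
        "displayed_as": shown,
        "displayed_extension": shown_ext,
        "real_extension": real,
        "has_bidi_control": any(ch in BIDI_CONTROLS for ch in name),
        "extension_mismatch": real != shown_ext,
    }


# Constructed sample names (hypothetical, not indicators from the report).
SAMPLE_NAMES = [
    "holiday.png",                     # benign
    "photo_high_re" + RLO + "gnp.js",  # shown as photo_high_resj.png, runs as .js
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        r = analyse(n)
        verdict = "SUSPICIOUS" if r["has_bidi_control"] or r["extension_mismatch"] else "ok"
        print(f"{verdict}: shown as {r['displayed_as']!r}, real extension {r['real_extension']!r}")
```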
Malicious Activities
The zero-day exploit was used to deliver digital currency miners such as CryptoNight and Equihash, which operate surreptitiously on victims’ machines to mine valuable cryptocurrencies. Additionally, another attack leveraging the zero-day flaw installed a backdoor using the Telegram API as a command-and-control (C&C) protocol, enabling attackers to gain remote access to compromised devices. This allowed the cyber-criminals to operate stealthily and potentially install spyware tools without detection.
Security Measures
Kaspersky Lab’s malware analyst, Alexey Firsh, emphasized the importance of developers providing adequate protection for users of instant messenger services so that they do not fall victim to cyber-attacks. Telegram patched the zero-day vulnerability after being notified, but users are still advised to exercise caution and refrain from downloading or opening files from untrusted sources to mitigate the risk of malware infections.
“The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals,” Firsh stated.
“We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software — such infections have become a global trend that we have seen throughout the last year. Furthermore, we believe there were other ways to abuse this zero-day vulnerability.”
It is crucial for users to remain vigilant and stay informed about potential security threats in order to safeguard their devices and personal information from cyber-attacks.