Business Standard

Telegram messenger being used to spread multipurpose malware

ANI  |  New Delhi [India] 

Kaspersky researchers have uncovered cyber attacks being carried out by a new piece of malware that exploits a zero-day vulnerability in the Telegram Desktop app.

The vulnerability, Kaspersky said, is being used to deliver multipurpose malware, which, depending on the computer, can be used either as a backdoor or as a tool to deliver mining malware. According to the research, the vulnerability has been actively exploited since March 2017 for its cryptocurrency mining functionality, including Monero, Zcash and others.

Instant messengers have long been an essential part of our connected life, designed to make it much easier to keep in touch with friends and family. At the same time, they can significantly complicate things if they suffer a cyberattack.

According to the research, the zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for encoding languages that are written from right to left, like Arabic or Hebrew. Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images.

Attackers used a hidden Unicode character in the file name that reversed the order of the characters that followed it, effectively renaming the file as displayed to the user. As a result, users downloaded hidden malware, which was then installed on their computers. Kaspersky reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in the messenger's products.
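The file-name trick described above can be caught before a file is opened by looking for bidirectional override characters and comparing the extension a user would see with the one the operating system actually uses. The following checker is an added example written for this article, not Kaspersky's or Telegram's code; the sample file name it scans is constructed for illustration.

```python
# Unicode bidirectional override/embedding controls that can make a file name
# render differently from its actual character order. U+202E (RLO) is the one
# the article describes; the others are included so they are not missed.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def rendered_name(name: str) -> str:
    """Approximate what a user sees: text after an RLO is shown reversed up to
    the next PDF (or the end of the name); other controls are invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = name.find("\u202c", i + 1)
            j = len(name) if j == -1 else j
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def extension_of(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_filename(name: str) -> dict:
    """Flag names whose displayed extension differs from the real one."""
    controls = [f"U+{ord(c):04X} ({BIDI_CONTROLS[c]})"
                for c in name if c in BIDI_CONTROLS]
    shown = rendered_name(name)
    actual = "".join(c for c in name if c not in BIDI_CONTROLS)
    return {
        "controls": controls,
        "displayed_as": shown,
        "displayed_extension": extension_of(shown),
        "actual_extension": extension_of(actual),
        "suspicious": bool(controls) and extension_of(shown) != extension_of(actual),
    }


if __name__ == "__main__":
    # Constructed sample: on screen this reads "photo_high_resj.png" but is a .js file.
    print(check_filename("photo_high_re\u202egnp.js"))
```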

During their analysis, Kaspersky experts identified several scenarios of the zero-day being exploited in the wild by threat actors.

Firstly, the vulnerability was exploited to deliver mining malware, which can be significantly harmful to users. By using the computing power of the victim's PC, cybercriminals have been mining different cryptocurrencies, including Monero, Zcash, Fantomcoin and others. Moreover, while analysing a threat actor's servers, researchers found archives containing a Telegram local cache that had been stolen from victims.

Secondly, upon successful exploitation of the vulnerability, a backdoor that used as a command and was installed, resulting in the hackers gaining remote access to the victim's computer. After installation, it started to operate in a silent mode, which allowed it to remain unnoticed in the network and execute different commands, including the further installation of tools.

The artefacts discovered during the research indicate that the cybercriminals are of Russian origin.

"The popularity of instant services is incredibly high, and it's extremely important that developers provide proper protection for their users so that they don't become easy targets for criminals. We have found several scenarios of this zero-day exploitation that, besides general and spyware, was used to deliver - such infections have become a global trend that we have seen throughout the last year. Furthermore, we believe there were other ways to abuse this zero-day vulnerability," said Alexey Firsh, Analyst, Research,

In the wake of such attacks, Kaspersky recommends that users avoid downloading or opening files from unknown sources, and avoid sharing any sensitive personal information via instant messengers.

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Wed, February 14 2018. 16:10 IST