Kaspersky Lab discovered a zero-day vulnerability in the Telegram messenger, which was used by hackers to infect a Windows application and distribute software for mining. This is stated in the company's message, which was received by the editorial office.According to experts, the attackers used a breach at least since March 2017. "Kaspersky Lab" notified the messenger developers about the problem, today the vulnerability is closed, "experts say. All cases of exploitation of the software vulnerability were fixed in Russia.
Hackers used the so-called right-to-left override (RLO) attack. RLO is a special non-printing Unicode character that mirrors the direction of characters located next to and is used in texts that are reproduced from right to left, for example, in Arabic or Hebrew. In the Unicode table, the symbol is represented by the code 'U + 202E'.
Hackers used RLO to change the order of characters in the file name and its extension. Thus, the victim of the attack downloaded malicious or spyware from the messenger with the modified extension, believing that they downloaded images, audio recordings or video. And they launched it, not even suspecting that this executable file would be viral. As the command protocol of the software used Telegram API.
Telegram - a free messenger for smartphones and other devices, allowing you to exchange text messages and media files in various formats.
Information Source: Kaspersky Lab