Telegram 0-Day Used to Spread Monero and Zcash Mining Malware

Discussion in '0-day Release' started by silversurfer, Feb 13, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    Malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware, researchers from Kaspersky Lab plan to reveal today.

    The zero-day has been fixed in the meantime, but Kaspersky researcher Alexey Firsh says crooks appear to have used the flaw for months before he discovered it last October.

    According to Firsh, the zero-day is in how the Telegram Windows client handles the RLO (right-to-left override) Unicode character. This character is used to switch between RTL and LTR text display.

    Firsh says crooks spammed Telegram users with messages containing file attachments. The file names contained the RLO character, which changed text display direction right in the middle of the file's name.

    Full Article:
    Trim, Der.Reisende and RGiskardR like this.
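
A defensive check for the kind of file name described in the post, as an added example that is not part of the original post or the quoted article: it flags bidirectional control characters in an attachment name and compares the stored extension with a simplified rendering of what a user would see. The function names and the sample file names are constructed for illustration, and the rendering handles only the plain RLO case in otherwise left-to-right text.

```python
import unicodedata

RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
# Bidirectional formatting characters that have no place in an attachment name.
BIDI_CONTROLS = set(
    "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c"
)

def stored_extension(name):
    """Extension in stored (logical) character order, ignoring bidi controls."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""

def approx_display(name):
    """Simplified rendering: text after RLO (until PDF or end) is shown reversed."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            segment = [ch for ch in name[i + 1:end] if ch not in BIDI_CONTROLS]
            out.append("".join(reversed(segment)))
            i = end + 1
        else:
            if name[i] not in BIDI_CONTROLS:
                out.append(name[i])
            i += 1
    return "".join(out)

def inspect_filename(name):
    """Report bidi controls and the gap between stored and displayed name."""
    found = [unicodedata.name(ch) for ch in name if ch in BIDI_CONTROLS]
    shown = approx_display(name)
    shown_ext = shown.rsplit(".", 1)[1].lower() if "." in shown else ""
    return {
        "suspicious": bool(found),
        "controls": found,
        "stored_extension": stored_extension(name),
        "shown_as": shown,
        "extension_mismatch": shown_ext != stored_extension(name),
    }

if __name__ == "__main__":
    # Constructed sample names: one with an embedded RLO, one clean.
    for sample in ["holiday_\u202egnp.js", "report.pdf"]:
        print(repr(sample), inspect_filename(sample))
```

A mail or chat gateway can apply the same test at upload time and reject or rename any attachment for which `suspicious` is true, rather than trying to render the name safely.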