Telegram 0-Day Used to Spread Monero and Zcash Mining Malware[source: bleepingcomputer]

by CIRT Team

Malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware, researchers from Kaspersky Lab plan to reveal today.

The zero-day has been fixed in the meantime, but Kaspersky researcher Alexey Firsh says crooks appear to have used the flaw for months before he discovered it last October.

The ol’ filename fliparoo

According to Firsh, the zero-day is in how the Telegram Windows client handles the RLO (right-to-left override) Unicode character. This character is used to switch between RTL to LTR text display.

Firsh says crooks spammed Telegram users with messages containing file attachments. The file names contained the RLO character, which changed text display direction right in the middle of the file’s name.

For example, in one campaign crooks sent users a file named “photo_high_re*U+202E*gnp.js”, where *U+202E* is the RLO character.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping