Telegram app purged of critical flaw attackers were actively exploiting

Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday.

The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post
. By using the text-formatting standard known as Unicode
, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that’s normal for most Western languages.

The technique worked by using the special Unicode formatting *U+202E* which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as “photo_high_regnp.js” to “photo_high_resj.png,” giving the appearance they were benign image files rather than files that executed code.

Malware that uses right-to-left formatting dates back to at least 2009
. Four years ago, the right-to-left Unicode trick made a reappearance with malware that targeted computers running both Windows and macOS
.

Kaspersky Lab said hackers with ties to Russian crime gangs were exploiting the Telegram vulnerability to install two types of malware on vulnerable computers. One type of malware acted as a persistent backdoor that gave the attackers complete control over the compromised computer. The other malware mined cryptocurrency. It’s not clear when Telegram fixed the vulnerability. To be exploited, targets would have to click through a Windows warning similar to the one pictured above. Kaspersky Lab said the flaw affected only the Windows version of the app.

arstechnica稿源:arstechnica (源链) | 关于 | 阅读提示

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 移动互联 » Telegram app purged of critical flaw attackers were actively exploiting

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录