CryptoTicker









Telegram Zero-Day Vulnerability Used By Hackers To Spread Cryptocurrency Miner.


Prasanna Peshkar


July 30, 2018 7:38 PM


Hackers are unpredictable and could come up with millions of ways to attack anything. This time attackers have compromised a non-profit cloud-based instant messaging service, Telegram. According to Kaspersky Lab researchers, cyber-criminals have been able to exploit a vulnerability in Telegram to spread a cryptocurrency miner and earn cryptocurrencies such as Monero and ZCash. The Telegram “zero day” flaw was used to distribute multipurpose malware which, depending on the device, can be used either as a backdoor or as a tool to deliver mining software. First things first, let’s take a look at what a zero-day vulnerability is.

It is an attack that takes advantage of a security flaw on the same day that the vulnerability becomes generally known. In short, a zero-day attack happens when a vulnerability in software or hardware is exploited and attackers release malware before a developer has an opportunity to patch the vulnerability. It can create problems well before anyone realizes something is wrong.

Telegram is one of the most popular end-to-end encrypted apps used by cryptocurrency enthusiasts.

Following are the details of how this vulnerability was exploited in Telegram:
  • Attackers first created a JS file. Such a file is used mainly to run client-side JavaScript code on a webpage. The name of that file was evil.js.
  • After that, they renamed this evil.js file to photo_high_re*U+202E*gnp.js.
  • Here, *U+202E* is the right-to-left override Unicode character, which they used to make Telegram display the remaining part of the file name, gnp.js, in reverse. This means “gnp” is now displayed in reverse, i.e. as “png”.
  • So the file name is now displayed as “photo_high_resj.png”. In doing this, the attackers didn’t change the actual file extension, .js.
  • After that, they sent the message to the recipient, and the recipient saw it as an incoming image file.
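
The mismatch between the displayed name and the real extension in the steps above can be checked wherever a received file name is handled. The following Python sketch is an added example, not code from Kaspersky Lab, Telegram or this article; the function names are hypothetical, and the rendering step is a simplification that only models the right-to-left override, not the full Unicode bidirectional algorithm.

```python
import os

# Unicode bidirectional formatting characters: embeddings, overrides, isolates, marks.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
    "\u200e", "\u200f", "\u061c",
}
RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting

def displayed_form(name):
    """Approximate what a user sees: text between RLO and PDF (or end) is reversed.
    Assumption: simplified model; other bidi controls are treated as invisible."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch == RLO and not overriding:
            overriding = True
        elif ch == PDF and overriding:
            out.extend(reversed(run))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue
        elif overriding:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))  # an unterminated override runs to the end of the name
    return "".join(out)

def inspect_filename(name):
    """Report bidi controls and whether the displayed extension differs from the real one."""
    controls = sorted({f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS})
    real_ext = os.path.splitext(name)[1].lower()
    shown = displayed_form(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "bidi_controls": controls,
        "real_extension": real_ext,
        "displayed_name": shown,
        "displayed_extension": shown_ext,
        "spoofed": bool(controls) and real_ext != shown_ext,
        # Neutralised name for logs or UI: each control replaced by a visible "_".
        "safe_name": "".join("_" if c in BIDI_CONTROLS else c for c in name),
    }

if __name__ == "__main__":
    sample = "photo_high_re\u202egnp.js"  # constructed from the name given in the article
    print(inspect_filename(sample))
```
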

How to protect your PC from any such infection?

  • Users should not download and open unknown files from untrusted sources.
  • Do not share any personal or confidential information in instant messengers.
  • Install a reliable antivirus.