Sunday, February 25, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
MWC: The Cat S61 Smartphone Measures Distances, Senses the Quality of Air
MWC: TCL Introduces Alcatel 5, 3 and 1 Smartphone Series, Android Oreo Smartphone and Tablets
IBM Researchers Talk About the Future of EUV at SPIE
Xiaomi and Microsoft Expand Their Collaboration in cloud, Devices and AI Areas
Google's Augmented Reality SDK ARCore 1.0 Released, Google Lens Updated
Google Assistant is Going Global
TEAC Releases New Reference Series Hi-Res Audio Models
First Affordable Android Go Smartphones Coming Next Week
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Telegra...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, February 13, 2018
Telegram Messenger Vulnerability Spread Multipurpose Malware


Kaspersky Lab researchers have uncovered attacks being carried out by a new piece of malware using a zero-day vulnerability in the Telegram Desktop app.

The vulnerability was used to deliver multipurpose malware, which depending on the computer can be used either as a backdoor or as a tool to deliver mining software. According to the research, the vulnerability has been actively exploited since March 2017 for the cryptocurrency mining functionality, including Monero, Zcash, etc.

According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for coding languages that are written from right to left, like Arabic or Hebrew. Besides that, however, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images.

Attackers used a hidden Unicode character in the file name that reversed the order of the characters, thus renaming the file itself. As a result, users downloaded hidden malware which was then installed on their computers. Kaspersky Lab reported the vulnerability to Telegram and the zero-day flaw has not since been observed in messenger's products.

During their analysis, Kaspersky Lab experts identified several scenarios of zero-day exploitation in the wild by threat actors. Firstly, the vulnerability was exploited to deliver mining malware. By using the victim's PC computing power, cybercriminals have been creating different types of cryptocurrency including Monero, Zcash, Fantomcoin and others. Moreover, while analyzing a threat actor's servers, Kaspersky Lab researchers found archives containing a Telegram local cache that had been stolen from victims.

Secondly, upon successful exploitation of the vulnerability, a backdoor that used the Telegram API as a command and control protocol was installed, resulting in the hackers gaining remote access to the victim's computer. After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools.

The artefacts discovered during the research indicate Russian origins of cybercriminals, Kaspersky added.



Previous
Next
Arm's Project Trillium Offers Scalable, Machine Learning Compute Platform        All News        UK Uses Machine Learning to Fight Terrorist Content Online
Arm's Project Trillium Offers Scalable, Machine Learning Compute Platform     General Computing News      UK Uses Machine Learning to Fight Terrorist Content Online

Get RSS feed Easy Print E-Mail this Message

Related News
Google Removed 700,000 Apps From Google Play in 2017
Fake Spectre and Meltdown Patch Pushes Malware
Malware Spread Through PornHub
Cloak and Dagger Security Hole in Android Discovered
Alleged NSA Malware Does Not Affect Microsoft Users
Preinstalled Malware May Be Targeting Your Android Phone
New Mac OS X Malware Steal Passwords, And iPhone Backups
Researchers Say 1 Million Google Accounts Breached by "Gooligan"
Android Devices Vulnerable To Physical RAM Attack
Millions Of Android Devices Infected With Chinese Malware
'GODLESS' Android Mobile Malware Uses Multiple Exploits to Root Devices
Fraunhofer SIT Finds Vulnerabilities in Android Security Apps

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .