Makers of the Telegram instant messenger have fixed a serious vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday.
The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of files so they appeared trustworthy, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that’s normal for many Western languages.
The technique worked by using the special Unicode formatting character *U+202E*, which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as “photo_high_regnp.js” to “photo_high_resj.png,” giving the appearance they were benign image files rather than files that executed code.
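The check below is an added example, not code from Telegram or Kaspersky Lab: it flags bidirectional control characters in a file name and compares the extension the operating system acts on with the one a user would see. The position of U+202E in the sample name (after "photo_high_re") is an assumption that reproduces the displayed name quoted above, and the rendering is a simplified reversal rather than the full Unicode bidirectional algorithm.

```python
import os
import unicodedata

# Bidirectional control characters that can reorder how a name is displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}
RLO, PDF = "\u202e", "\u202c"


def approx_display(name: str) -> str:
    """Simplified rendering: reverse text between U+202E and U+202C (or end).
    Not the full Unicode bidi algorithm; adequate for Latin-only names."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(c for c in "".join(out) if c not in BIDI_CONTROLS)


def inspect_filename(name: str) -> dict:
    """Report the extension the OS will act on versus the one a user sees."""
    found = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    shown = approx_display(name)
    return {
        "bidi_controls": found,
        "real_ext": os.path.splitext(name)[1].lower(),
        "shown_name": shown,
        "shown_ext": os.path.splitext(shown)[1].lower(),
        "suspicious": bool(found),
    }


# Constructed sample: the page's file name with U+202E assumed after "photo_high_re".
SAMPLE = "photo_high_re\u202egnp.js"

if __name__ == "__main__":
    for key, value in inspect_filename(SAMPLE).items():
        print(f"{key}: {value}")
```

A receiving application can reject or strip names for which `suspicious` is true before showing them to the user, so the displayed extension always matches the real one.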
Malware that uses right-to-left formatting dates back to at least 2009. Four years ago, the right-to-left Unicode trick made a comeback with malware that targeted computers using both Windows and macOS.
Kaspersky Lab said hackers with ties to Russian crime gangs were exploiting the Telegram vulnerability to install two types of malware on vulnerable computers. One type of malware acted as a persistent backdoor that gave the attackers full control over the compromised computer. The other malware mined cryptocurrency. It’s not clear when Telegram fixed the vulnerability. To be exploited, targets would have to click through a Windows warning identical to the one pictured above. Kaspersky Lab said the flaw affected only the Windows version of the app.