Telegram Zero-Day Used to Mine Crypto
Kaspersky Labs revealed today that a previously unknown attack on the popular messaging app Telegram infects users’ devices with cryptocurrency mining malware. Research indicates that Russian cybercriminals have used this exploit since March 2017 to mine Monero, Zcash, and Fantomcoin.
What We Know about the Telegram Zero-Day
According to Kaspersky researcher Alexey Firsh, Telegram doesn’t handle the Unicode Right-To-Left Override (U+202E) character correctly. Developers use this character to indicate that text must be read right-to-left, such as for Hebrew and Arabic. By hiding this character in a filename, attackers can force the app to reverse the text that follows it and thereby display the file under a misleading name.
An example of this attack involved spammers sending links to the file “photo_high_re*U+202E*gnp.js”. When Telegram attempts to display the name to the recipient, it reverses all letters coming after the override character. This yields the displayed filename “photo_high_resj.png”, thereby masking the JavaScript file as a PNG image. When a user attempts to view the image, they actually run the JS file, which infects their device.
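The mismatch described above can be checked for on the receiving side. The following is an added example, not code from Kaspersky or Telegram: the function names are hypothetical, and the display routine only approximates how a bidi-aware interface renders an override run.

```python
import os

# Unicode characters that change bidirectional display order (UAX #9).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}
RLO, PDF = "\u202e", "\u202c"


def approximate_display(name):
    """Roughly render a name the way a bidi-aware UI would show it.

    Simplification (assumption): only RLO...PDF runs, or RLO to the end of
    the string, are reversed; the full bidirectional algorithm is not done.
    """
    out, run, in_rlo = [], [], False
    for ch in name:
        if ch == RLO and not in_rlo:
            in_rlo = True
        elif ch == PDF and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this sketch
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))  # RLO run left open until the end of the name
    return "".join(out)


def inspect_filename(name):
    """Compare the extension a user sees with the one the OS will act on."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    stored = "".join(c for c in name if c not in BIDI_CONTROLS)
    shown = approximate_display(name)
    real_ext = os.path.splitext(stored)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "controls": controls,          # position and type of each control
        "displayed": shown,            # what the recipient is likely to see
        "sanitized": stored,           # name with bidi controls stripped
        "real_ext": real_ext,
        "displayed_ext": shown_ext,
        "suspicious": bool(controls),  # any bidi control in a filename
        "extension_spoofed": real_ext != shown_ext,
    }
```

Run against the filename from this article, the check reports an RLO at index 13, a displayed extension of `.png` and a real extension of `.js`; showing users the `sanitized` name, or rejecting flagged names outright, removes the disguise.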
Most attacks carried out with this exploit infected devices with cryptocurrency mining malware. As we mentioned in our Monero article, cryptocurrencies like Monero, Zcash, and Fantomcoin have inherent identity-masking features, which allow attackers to easily abscond with funds. Other attacks include the installation of Trojans controllable with Telegram’s API and the theft of user data.
No one knows how much the attackers have collected so far, but Kaspersky indicates that Telegram patched the vulnerability sometime after its disclosure in October 2017.
Secure Compliance Solutions is the trusted security advisor for Chicagoland’s small-to-medium businesses. We offer a variety of services that promote a strengthened security posture and a culture of compliance. Our solutions include: risk advisory services, strategic cybersecurity planning, security and privacy awareness, regulatory guidance, penetration testing, and managed security services. We tailor our engagements and solutions to align with your cultural needs and business objectives; not the other way around. We keep your appetite for risk, budget constraints, and timeline in mind to define strategy and operational tactics that maximize your return on investment. At SCS, we help you navigate the course of your cybersecurity journey.