Telegram Messenger Zero-day Vulnerability

Hackers recently exploited a Telegram messenger zero-day vulnerability to spread multi-purpose malware. The malware can be used as a backdoor to extract sensitive information, or as a tool to deliver software that mines cryptocurrencies, which can affect system performance and electricity use.

The attack works by placing a hidden RLO (right-to-left override) Unicode character in the file name, which reverses the order of the characters as displayed and so appears to rename the file, and then sending the file to Telegram users.

For example, if a file named gnp.js is sent to the victim, the RLO character reverses the order of the characters, so the victim sees it as sj.png. The victim is tricked into believing it is only an image and opens it, unknowingly downloading hidden malware onto the computer.
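As an added illustration (not code from Telegram, Kaspersky Lab or Cynet), the following check shows how a receiving application or mail/chat gateway could flag such names: it inspects the filename as stored, reports any bidirectional control characters, and compares the real extension with the one a user would see. The function names, the risky-extension list and the simplified display model (a single RLO, U+202E, with ASCII text) are assumptions made for this example.

```python
import os
import unicodedata

# Bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}
RLO = "\u202e"
# Assumed set of script/executable extensions to treat as risky; adjust per policy.
RISKY_EXTENSIONS = {".js", ".exe", ".scr", ".bat", ".cmd", ".vbs", ".ps1"}


def approximate_display(name):
    """Roughly mimic what a UI shows: text after an RLO is drawn reversed.
    Simplification: handles a single RLO with no terminator and ASCII text."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def inspect_filename(name):
    """Report on a received filename as stored (logical character order)."""
    found = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stripped)[1].lower()
    shown_ext = os.path.splitext(approximate_display(name))[1].lower()
    return {
        "bidi_controls": found,
        "real_extension": real_ext,    # what the OS will act on
        "shown_extension": shown_ext,  # what the user believes it is
        "safe_name": stripped,         # name with the controls removed
        "suspicious": bool(found)
        and (real_ext != shown_ext or real_ext in RISKY_EXTENSIONS),
    }


if __name__ == "__main__":
    # Constructed samples: the article's gnp.js case and a benign image name.
    for sample in ["\u202egnp.js", "holiday.png"]:
        print(repr(sample), inspect_filename(sample))
```

Stripping the control characters before displaying the name, or rejecting such files outright, removes the mismatch between what the user sees and what the system opens.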

Since this news, Telegram has patched the vulnerability in its products, which was reported by Kaspersky Lab. The firm suggests users keep an eye on the information they share and exercise caution regarding sensitive data, in addition to keeping their AV updated.

In order to protect your computer from any infection, Cynet recommends the following:

  • Do not download or open unknown files from unknown sources.
  • Try to avoid sharing any sensitive personal information in messenger applications.
  • Install a reputable security solution that detects and protects from all possible threats, including malicious mining software.