
Hackers Hijack PCs for Mining Cryptocurrencies Through the Telegram Desktop App

Posted: February 15, 2018

Researchers from Kaspersky Lab have come across a new zero-day vulnerability in one of the popular social messaging services. The security bug concerns the Telegram Desktop application, and it allows for a number of severe cyber attacks, including hijacking vulnerable devices for the purpose of mining cryptocurrencies, as well as deploying other multi-functional malware. Kaspersky Lab claims that this vulnerability has been exploited in actual attacks since March last year, and that the infected computers have been abused mainly for mining three cryptocurrencies: Monero, Zcash, and Fantomcoin.

The vulnerability hides in the way the Telegram app handles the right-to-left override Unicode character, a feature normally used to display languages written from right to left, such as Hebrew or Arabic. In this case, however, hackers can misuse it to trick users into downloading malicious files disguised as images. For that purpose, the malicious file must be renamed by inserting a Unicode character into the file name which reverses the display order of the remaining characters.
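The renaming trick described above is easy to flag on the receiving side. The following detector is an added example, not code from the article or from Kaspersky's report: it reports any Unicode bidirectional control character in a file name, approximates how a bidi-naive display would render the name, and compares the shown extension with the real one. The sample file names are constructed for the demonstration.

```python
# Added example: flag file names carrying Unicode bidi override/embedding
# characters and show how such a name is displayed versus what it really is.

# Unicode bidirectional control characters that can reorder or hide text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}

def rendered_name(name: str) -> str:
    """Approximate a bidi-naive rendering: text after a right-to-left
    override (U+202E) is shown reversed until a PDF (U+202C) or the end;
    other control characters are simply invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            segment = name[i + 1:] if end < 0 else name[i + 1:end]
            out.append(segment[::-1])
            i = len(name) if end < 0 else end + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def inspect_filename(name: str) -> dict:
    """Return the real name, the displayed name and whether to flag it."""
    real = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    shown = rendered_name(name)
    real_ext = real.rsplit(".", 1)[-1].lower() if "." in real else ""
    shown_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    return {
        "flag": any(ch in BIDI_CONTROLS for ch in name),
        "true_name": real,
        "displayed_as": shown,
        "true_extension": real_ext,
        "displayed_extension": shown_ext,
        "extension_mismatch": real_ext != shown_ext,
    }

if __name__ == "__main__":
    # Constructed samples: a script whose name hides its extension behind
    # an RLO character, and a harmless image name for comparison.
    for name in ("photo_high_re\u202egnp.js", "holiday.png"):
        r = inspect_filename(name)
        print(f"{r['true_name']!r} displays as {r['displayed_as']!r} "
              f"flag={r['flag']} mismatch={r['extension_mismatch']}")
```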

Through the misuse of this Unicode character, the attackers have been able to install a backdoor on target computers that uses the Telegram API as a command-and-control protocol for obtaining remote access to the PCs. That allows for the execution of various commands at the attackers' own discretion, including the installation of additional malware or spyware tools. Experts believe that the Telegram vulnerability can be abused in many ways, but the most common possibility is to exploit the flaw to deliver malware for mining cryptocurrencies on target PCs. After that, the attackers can employ the infected device's computing resources for creating different cryptocurrencies, which can cause significant damage to users. Kaspersky researchers also claim that the analysis of the attacks shows the hackers have been stealing from users archives containing a Telegram local cache.

Kaspersky Lab has already reported the zero-day vulnerability to the developers of Telegram, and currently, the flaw is no longer found in the messenger app. In its press release, the cybersecurity company also states there is evidence of Russian origin for the hackers who have exploited the Telegram vulnerability.
