CyberWisdom Safe Harbor Commentary: Telegram cryptomining malware
A must-read story calls out a revealing fact: Telegram users have become the victims of right-to-left override attacks, which trick them into taking a JavaScript file for a .PNG image; cryptomining and command-and-control software are installed when the file runs.
Attacks were reportedly limited to Russia, but, like similar attacks, this one is likely to spread. U.S. security teams should ensure that anyone who uses Telegram for work has the latest version, and warn employees not to open attachments of unknown origin.
Telegram Vulnerability
Kaspersky Lab reported a zero-day vulnerability in the popular messaging app Telegram that allowed attackers to install backdoors and cryptomining malware.
The attacks target the Telegram desktop application and abuse the right-to-left override (RLO) feature, which exists to display right-to-left alphabets such as Hebrew and Arabic. Using RLO to reverse part of a filename, as in this attack, can convince users to download malicious code disguised as a different file type.
Alexey Firsh, a malware analyst at Kaspersky Lab, analyzed the work of the Telegram attackers in detail. He said such attacks had so far been found only in Russia, but that this was no reason for complacency, because an attack of this kind spreads easily.
Crafting a malicious message in Telegram
RLO can be applied to documents or messages in exactly the way it is used for right-to-left alphabets. The Unicode character U+202E reverses any text that follows it and can be used in filenames and documents.
In the Russian Telegram attacks analyzed by Kaspersky Lab, the Unicode RLO character was inserted into the name of a JavaScript file ending in gnp.js. The full filename photo_high_re*U+202E*gnp.js is displayed to the recipient as photo_high_resj.png. The victim only has to open the JavaScript file for the attacker's malware to be installed.
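As an added illustration, not part of the original post or of Kaspersky Lab's report, the following Python check flags filenames that carry Unicode bidirectional control characters and shows how the name would be displayed versus what it really is; the sample filename is reconstructed from the description above, and the rendering model assumes a viewer that simply reverses the text after an RLO.

```python
import os

# Unicode bidirectional control characters that can disguise a filename.
# U+202E (RIGHT-TO-LEFT OVERRIDE) is the one used in the Telegram attack; the
# rest are included because they can be abused in the same way.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF", "\u202D": "LRO",
    "\u202E": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

def find_bidi_controls(name: str) -> list:
    """Return (index, short name) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]

def rendered_name(name: str) -> str:
    """Approximate what a viewer shows: text after an RLO (up to a PDF or the end
    of the string) is reversed; the control characters themselves are invisible."""
    out, i, n = [], 0, len(name)
    while i < n:
        ch = name[i]
        if ch == "\u202E":
            end = name.find("\u202C", i + 1)
            end = n if end == -1 else end
            out.append(name[i + 1:end][::-1])  # reversed run after the override
            i = end + 1                        # skip the terminating PDF, if any
        elif ch in BIDI_CONTROLS:
            i += 1                             # invisible, contributes nothing
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def analyze(name: str) -> dict:
    """Compare the real extension with the one a user would see on screen."""
    actual = "".join(c for c in name if c not in BIDI_CONTROLS)
    shown = rendered_name(name)
    controls = find_bidi_controls(name)
    true_ext = os.path.splitext(actual)[1].lower()
    apparent_ext = os.path.splitext(shown)[1].lower()
    return {"actual_name": actual, "displayed_as": shown, "bidi_controls": controls,
            "true_ext": true_ext, "apparent_ext": apparent_ext,
            "suspicious": bool(controls) or true_ext != apparent_ext}

if __name__ == "__main__":
    # Constructed sample, built from the filename described in the report.
    sample = "photo_high_re\u202Egnp.js"
    print(analyze(sample))
```

Any filename containing one of these controls deserves a closer look, whatever extension it appears to have.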
What attackers are installing in Telegram
When investigating the Telegram RLO attacks, Kaspersky Lab uncovered two different types of malware: cryptomining software, and a backdoor that used the Telegram API as its command-and-control protocol.
Like other cryptominers, the mining software installed by the attack uses the victim's CPU and GPU to mine cryptocurrency for the attacker.
Cryptomining malware is dangerous and can have a devastating effect on hardware by pushing it to its limits. But the danger does not end there, and the miner is not the only thing these attackers install: there is also the command-and-control software.
As shown below, the full list of commands available to the attacker lets them install additional malware, steal system information, or terminate any process that threatens the malware's operation.
Kaspersky Lab also reported that its investigation found the user's local Telegram cache accessible to the attacker, which means attackers may also be able to steal personal data.
Kaspersky contacted the Telegram team, and the zero-day no longer works against the updated Telegram software that was tested.
Other chat programs and outdated versions of Telegram may still be vulnerable. IT teams need to ensure that Telegram users are on the latest version and that all users are trained on the importance of not opening files of unknown origin.
Telegram users are being fooled into running malicious JavaScript disguised as image files thanks to a Unicode text-reversal trick.
The post Chat app Telegram is tricking users into installing cryptomining malware appeared first on Safe Harbor on Cyber.