WOBURN, MA – February 13, 2018 — /BackupReview.info/ — Kaspersky Lab researchers have uncovered ‘in the wild’ attacks being carried out by a new piece of malware using a zero-day vulnerability in the Telegram Desktop app. The vulnerability was used to deliver multi-purpose malware, which depending on the computer, can be used either as a backdoor or as a tool to deliver mining software. According to the research, the vulnerability has been actively exploited since March 2017 for the cryptocurrency mining functionality, including Monero, Zcash and more.

Social messaging services are an essential part of connected life, providing an easier way to keep in touch with friends and family. At the same time, they can significantly complicate life if they suffer a cyberattack. Last month, Kaspersky Lab published research on advanced mobile malware known as the Skygofree Trojan, which is able to steal WhatsApp messages. Now, Kaspersky Lab’s latest research reveals in the wild attacks with a new, previously unknown vulnerability in the desktop version of another popular instant messaging service – Telegram.

According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode character, U+202E. It is normally used to encode text in languages that are written from right to left, such as Arabic or Hebrew; however, malware creators can also use it to mislead users into downloading malicious files disguised, for example, as images.

Attackers placed this invisible Unicode character in the file name, which reversed the displayed order of the characters that followed it. The file's real name and extension were unchanged, but the name shown to the user read as something harmless, such as an image file. As a result, users downloaded hidden malware, which was then installed on their computers. Kaspersky Lab reported the vulnerability to Telegram and, at the time of publication, the flaw had not been observed in the messenger's products since.
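The following is an added example, not code from the original press release or from Kaspersky Lab, showing how a right-to-left override disguises a file name and how a receiving application or a defender can check for it. The sample file name is constructed for illustration; the set of executable extensions and the helper names are this example's own assumptions, and the display model covers only the RLO/PDF case rather than the full Unicode bidirectional algorithm.

```python
# Bidirectional (bidi) control characters that change how a string is displayed
# without changing its bytes. Any of these in a file name deserves a closer look.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}

# Assumed list of extensions that Windows will execute or script-run; not from the page.
EXECUTABLE_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "exe", "scr", "bat", "cmd",
                         "com", "pif", "ps1", "hta", "jar", "msi", "lnk"}

# Constructed sample: the real name ends in ".js", but a U+202E before "gnp.js"
# makes a bidi-aware renderer show those characters reversed, as "sj.png".
SAMPLE_NAME = "photo_high_re\u202egnp.js"


def find_bidi_controls(name: str) -> list:
    """Return (index, short name, code point) for every bidi control in the string."""
    return [(i, BIDI_CONTROLS[ch], f"U+{ord(ch):04X}")
            for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def displayed_name(name: str) -> str:
    """Approximate what a renderer that honours bidi overrides shows.

    Text after U+202E (RLO) is displayed reversed until a U+202C (PDF) or the
    end of the string; other control characters are invisible. This models the
    file-name trick described above, not the complete bidi algorithm.
    """
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # invisible in rendered output
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _extension(name: str) -> str:
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def real_extension(name: str) -> str:
    """Extension the operating system will act on: bidi controls stripped, last dot wins."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return _extension(stripped)


def check_filename(name: str) -> dict:
    """Compare what the user sees with what the OS will open, and flag the mismatch.

    'suspicious' is True when a bidi control is present, the real extension is
    executable, and the displayed extension differs from it.
    """
    controls = find_bidi_controls(name)
    shown = displayed_name(name)
    real_ext = real_extension(name)
    shown_ext = _extension(shown)
    return {
        "displayed": shown,
        "displayed_extension": shown_ext,
        "real_extension": real_ext,
        "bidi_controls": controls,
        "suspicious": bool(controls) and real_ext in EXECUTABLE_EXTENSIONS
                      and shown_ext != real_ext,
    }


if __name__ == "__main__":
    for candidate in (SAMPLE_NAME, "holiday.png"):
        result = check_filename(candidate)
        print(repr(candidate), "->", result)
```

A messaging client or mail gateway can run this check on every received attachment name and either strip the control characters before display or warn when `suspicious` is set. Note that stripping alone is not enough for detection logic: the executable extension is already the real one, so the decision has to be based on the name with controls removed, not on the rendered string.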

During their analysis, Kaspersky Lab experts identified several scenarios of zero-day exploitation in the wild by threat actors. First, the vulnerability was exploited to deliver mining malware, which can be significantly harmful to users. By using the victim's PC computing power, cybercriminals have been mining different cryptocurrencies, including Monero, Zcash, Fantomcoin and others. In addition, while analyzing a threat actor's servers, Kaspersky Lab researchers found archives containing Telegram local caches that had been stolen from victims.

Secondly, upon successful exploitation of the vulnerability, a backdoor that used the Telegram API as its command-and-control protocol was installed, giving the attackers remote access to the victim's computer. After installation it operated in silent mode, which allowed the threat actor to remain unnoticed in the network and to execute various commands, including the further installation of spyware tools.

The artifacts discovered during the research indicate that the cybercriminals are of Russian origin.

“The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals,” said Alexey Firsh, malware analyst, targeted attacks research, Kaspersky Lab. “We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year. Furthermore, we believe there were other ways to abuse this zero-day vulnerability.”

Kaspersky Lab products detect and block the exploitation cases of this discovered vulnerability.

In order to protect your PC from any infection, Kaspersky Lab recommends the following:

  • Do not download and open unknown files from untrusted sources;
  • Avoid sharing any sensitive, personal information in instant messengers;
  • Install a reliable security solution such as Kaspersky Internet Security or Kaspersky Free that detects and protects from all possible threats, including malicious mining software.

Learn more about the discovered zero-day vulnerability, including technical details, on Securelist.com

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company that celebrated its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Jessica Bettencourt

Source: Kaspersky Lab


