Kaspersky Lab specialists discovered a zero-day vulnerability in the Telegram messenger client for Windows, the company told TJ. It had been exploited since March 2017 and was used, among other things, to mine cryptocurrencies, including Monero, Zcash, Fantomcoin and others.
The company notified the developer of the vulnerability, after which it was fixed. The vulnerability was also used to deliver malware to users' computers. To do this, attackers used the Unicode right-to-left override (RLO) character, which changes how a file name is displayed by rendering the characters that follow it mirrored. Victims could download the malware under the guise of an image without suspecting that it was malicious, Kaspersky Lab explained.
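The RLO effect described above can be checked on the receiving side before a file name is shown to a user. The following Python code is an added example, not code from Kaspersky Lab or Telegram; the sample file name is constructed, and `rendered_name` only approximates the display of a single RLO rather than implementing the full Unicode bidirectional algorithm.

```python
# Unicode bidirectional formatting controls that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}

def extension(name):
    """Text after the last dot, in stored (code point) order, lower-cased."""
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""

def rendered_name(name):
    """Approximate what a viewer shows: text after the first RLO is mirrored."""
    head, sep, tail = name.partition("\u202e")
    if not sep:
        return name
    visible = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + visible[::-1]

def inspect_filename(name):
    """Report bidi controls and compare the real extension with the shown one."""
    found = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    shown = rendered_name(name)
    return {
        "controls": found,                    # (index, control name) pairs
        "real_ext": extension(name),          # what the operating system acts on
        "shown": shown,                       # what the user is likely to see
        "shown_ext": extension(shown),
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "suspicious": bool(found),            # no legitimate need in a file name
    }

if __name__ == "__main__":
    # Constructed sample: displays like a PNG image, is stored as a .js file.
    sample = "holiday_\u202egnp.js"
    for name in (sample, "report.pdf"):
        r = inspect_filename(name)
        verdict = "BLOCK" if r["suspicious"] else "ok"
        print(f'{verdict:5} stored={r["escaped"]!r} shown={r["shown"]!r} '
              f'real_ext={r["real_ext"]!r} controls={r["controls"]}')
```

A client or mail gateway can reject or escape any attachment name for which `suspicious` is true, and should always show the stored extension rather than the rendered one.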
In addition, Kaspersky Lab's experts found files on the cybercriminals' servers containing Telegram cache data that had been copied from the victims. The files contained encrypted content of various user materials sent in correspondence: documents, audio and video recordings, and photographs.
Kaspersky Lab's antivirus expert Alex Firsch added that the company investigated only the case involving the Windows client and does not rule out that the vulnerability affected other platforms. At the same time, he stressed that only the PC client was involved.
The company said that all recorded cases of exploitation of the vulnerability were in Russia. Up to a thousand users were affected by the attackers' actions.