Critical Telegram flaw under attack disguised malware as benign images

by
Dan Goodin
from Ars Technica - All content on (#3FTY8)
telegram-vulnerability.jpg

Enlarge (credit: Kaspersky Lab)

Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users' computers, researchers said Tuesday.

The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages.

The technique worked by using the special Unicode formatting *U+202E*, which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as "photo_high_regnp.js" to "photo_high_resj.png," giving the appearance they were benign image files rather than files that executed code.

Read 2 remaining paragraphs | Comments

index?i=18Rmy27UvxA:sKaBsPt-4Rc:V_sGLiPB index?i=18Rmy27UvxA:sKaBsPt-4Rc:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments