Remember Hackers will never exist with what we call software, so any platform built on software should expect hacking anytime. That is why businesses hire people to ensure that their systems are not vulnerable to hackers.
Now Kaspersky Lab is saying that its researchers have discovered attacks that are being carried out using new malware using zero day vulnerability that targets the Telegram Desktop app.
The report from research says that the zero day vulnerability is based on the right to left override Unicode method which is used to code languages that are written from right to left (like Arabic). This could also be used by malware creators to mislead potential users to download malicious files that are disguised like images for example.
The hackers use a hidden Unicode character in the file name that reversed the order of the characters, hence renaming the file itself. This ends up being downloaded by users and installed on their computers.
According to Kaspersky, there are several scenarios this zero day exploitation can turn out. The vulnerability could be used to deliver mining malware, which as you know can lead to your computer’s processor being stressed to the max. In other cases, the researchers found in the hackers servers archives containing a Telegram local cache that had been stolen from victims. In addition, this exploit could be used to gain remote access to the victim’s computer.
Kaspersky Lab says that they reported the vulnerability to Telegram and until this release, the zero day flaw has not since been observed.
With such vulnerabilities around, it won’t be wise to download and open files from untrusted sources or even better still not share sensitive personal info on Instant Messengers.