Any platform that is built on software has a potential of being hacked and that is why companies employ people that make sure that their systems are not vulnerable to exploits that are targeted by hackers.
Now Kaspersky Lab is claiming that their researchers have uncovered attacks that are being carried out using new malware using zero day vulnerability that targets the Telegram Desktop app
According to the research, the zero day vulnerability is based on the right to left override Unicode method which is used to code languages that are written from right to left (like Arabic). This can also be used by malware creators to mislead people to download malicious files that are disguised like images for example.
The hackers use a hidden Unicode character in the file name that reversed the order of the characters, hence renaming the file itself. This ends up being downloaded by users and installed on their computers.
According to Kaspersky, there are several scenarios this zero day exploitation can turn out. The vulnerability could be used to deliver mining malware, which as you know can lead to your computer’s processor being stressed to the max. In other cases, the researchers found in the hackers servers archives containing a Telegram local cache that had been stolen from victims. In addition, this exploit could be used to gain remote access to the victim’s computer.
Kaspersky Lab says that they reported the vulnerability to Telegram and until this release, the zero day flaw has not since been observed.
With such vulnerabilities around, it won’t be wise to download and open files from untrusted sources or even better still not share sensitive personal info on Instant Messengers.