Yet another day brings yet another tale of woe about mining malware. Back in the day we had viruses and worms to worry about, then came a surge of spyware, and today the hackers want your computer to mine them more Monero. The latest victim is the messenger app Telegram, which has been exploited to run mining malware.
According to security researchers at Kaspersky Lab, a zero-day vulnerability in Telegram’s desktop app has been exploited to deliver multipurpose malware. A zero-day exploit is an attack that targets a previously unknown vulnerability; the victims literally have zero days to fix and patch the exposed systems.
Mining malware delivered
The malicious code can be used as a back door to deliver mining malware to the target computer. As in other cases it would then leech the machine’s processing power to surreptitiously mine for Monero and Zcash, two anonymous cryptocurrencies.
The cyber security team discovered that the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. This control character is normally used for languages that read from right to left, such as Arabic or Hebrew. Users can be tricked into downloading malicious files which can be disguised as images. Additionally, while analyzing the threat, researchers found archives containing a Telegram local cache that had been stolen from victims.
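To illustrate the filename trick described above, here is an added example (not code from the article or from Kaspersky) that checks a filename for Unicode bidi override characters and compares the extension a user would see with the real one. The sample filenames are constructed, and the rendering of the name after an RLO is a simplified approximation of the Unicode bidi algorithm.

```python
# Added example (not from the original article): flag filenames that use the
# Unicode right-to-left override (U+202E, "RLO") to make an executable look
# like an image. Sample filenames are constructed for this demonstration.
import unicodedata

# Bidi override/embedding/isolate controls that can change how a name is shown.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}


def display_name(filename: str) -> str:
    """Approximate what a user sees: text after an RLO is displayed reversed.

    Simplification (assumption): only the first RLO is handled and everything
    after it is mirrored, which is enough for the classic 'gnp.js' disguise.
    """
    if "\u202e" not in filename:
        return filename
    head, _, tail = filename.partition("\u202e")
    return head + tail[::-1]


def analyze_filename(filename: str) -> dict:
    """Report bidi controls, the real vs. apparent extension and a verdict."""
    found = [unicodedata.name(c) for c in filename if c in BIDI_CONTROLS]
    # The operating system decides the file type from the true last extension.
    real_ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    shown = display_name(filename)
    apparent_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    return {
        "bidi_controls": found,
        "displayed_as": shown,
        "real_extension": real_ext,
        "apparent_extension": apparent_ext,
        "suspicious": bool(found) and real_ext != apparent_ext,
    }


if __name__ == "__main__":
    for name in ("holiday.png", "photo_\u202egnp.js"):
        print(repr(name), "->", analyze_filename(name))
```

A file-upload or mail gateway can reject or quarantine any name where `suspicious` is true, or more strictly any name containing a bidi control at all.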
Remote access exploit
Once the exploit had compromised the machine, a backdoor that used the Telegram API as a command and control protocol was installed, giving the hackers remote access to the victim’s computer. Once it had access, it switched to silent mode, enabling the installation of further malware and mining processes.
Kaspersky Lab analyst Alexey Firsh commented:
“The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals. We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a