Visit our new website:

Critical Telegram flaw under attack disguised malware as benign images

  • Wed, 14 Feb 2018 16:46

Enlarge (credit: Kaspersky Lab)

Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users' computers, researchers said Tuesday.

The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages.

The technique worked by using the special Unicode formatting *U+202E* which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as "photo_high_regnp.js" to "photo_high_resj.png," giving the appearance they were benign image files rather than files that executed code.

Read 2 remaining paragraphs | Comments

Biz & IT – Ars Technica



Related Stories

Keith Richards: London will be Rolling Stones’ most critical audience
  • Wed, 23 May 2018 03:25

The guitarist was speaking ahead of the band’s shows at the London Stadium and Twickenham. Top Stories:

Baidu spins out its global ad business to sharpen its focus on artificial intelligence
  • Wed, 23 May 2018 01:40

Baidu, the Chinese search giant, is spinning out its business unit responsible for utility apps and its mobile ad business to sharpen its focus on ar...

Manchester attack: Choirs lead mass sing-along
  • Wed, 23 May 2018 01:40

Choirs lead a chorus of amateur voices in a sing-along to remember the Manchester attack victims. BBC News - England

Facebook's Zuckerberg to apologise to EU lawmakers over data leak
  • Tue, 22 May 2018 23:40

BRUSSELS (Reuters) - Facebook boss Mark Zuckerberg arrived to meet European Union lawmakers on Tuesday ready to apologise for a massive data leak, in ...

Elon Musk to fix Tesla 'braking flaw'
  • Tue, 22 May 2018 22:59

Flaws pointed out in a review of Tesla's Model 3 have prompted Elon Musk to make changes. BBC News - Technology

Britain mourn victims of Manchester attack one year on
  • Tue, 22 May 2018 21:58

Britain will commemorate twenty-two people who died in the Manchester terrorist attack at an Ariana Grande concert one year ago. A national minute of ...

Disgruntled shortbread factory worker jailed for 'cowardly' attack
  • Tue, 22 May 2018 21:46

A judge described the attack on a female supervisor at a shortbread factory as "cowardly and vicious". BBC News - Scotland

Tango Card raises $35M for its ‘rewards as a service’ gift card aggregation platform
  • Tue, 22 May 2018 19:44

Gift cards today are a $ 100 billion business annually, and as they continue to grow as a key way for companies to incentivise people in our too-ofte...

Facebook boss faces European Parliament over data scandal
  • Tue, 22 May 2018 18:45

BRUSSELS: Facebook chief Mark Zuckerberg faces tough questions later Tuesday at the European Parliament over the fallout from the Cambridge Analytica ...

[Newsmaker] Under pressure, Hyundai Motor heir pulls the plug, pursues plan B
  • Tue, 22 May 2018 18:27

Two months after proposing a grand reform plan on its corporate governance, Hyundai Motor Group, the nation’s second-lar 코리아헤럴드

Metric System
  • Tue, 22 May 2018 17:44

Here in the states, we’re stuck between two measurement systems: the U.S. standard of inches, feet, yards, miles, ounces and pounds, and the dec...

TheSkimm closes its $12M Series C with big names Shonda Rhimes and Tyra Banks on board
  • Tue, 22 May 2018 15:51

In March, the female-led media company and newsletter provider theSkimm reported it was raising a $ 12 million Series C from Google Ventures and Sp...

News Categories