Windows 10 News and info | Forum
May 23, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or Forum, you agree to the use of cookies. You can find out more by following the GDPR button
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Kasperksy uncovers Telegram vulnerability that allows malicious crypto-mining  (Read 48 times)
riso
Administrator
Hero Member
*****
Offline Offline

Gender: Male
Netherlands Netherlands

Posts: 6113


Beta tester Tech support dedicated 110%


WWW Email
« on: February 13, 2018, 03:15:32 PM »
ReplyReply

Cybersecurity firm Kaspersky Lab has uncovered a vulnerability in the Telegram desktop app which allows the social messaging app to be exploited for mining cryptocurrencies. In a statement, Kaspersky says the zero-day vulnerability provides a backdoor that “has been actively exploited since March 2017 for the cryptocurrency mining functionality.” It adds that they had notified Telegram of the vulnerability and “at the time of publication, the zero-day flaw has not since been observed in [the] messenger’s products.” Research conducted by Kaspersky showed that the zero-day flaw was based on the RLO (right-to-left override) Unicode method, which is generally used for coding languages written from right to left, such as Arabic and Hebrew. However, it can also be used by hackers to dupe unknowing recipients into downloading malware, for example disguised as images. Kaspersky analysts identified “several scenarios of zero-day exploitation in the wild by threat actors.” The threats identified were two-fold. First, the exploit was used to deliver mining software, allowing hackers to use the victim’s machine to mine cryptocurrency including “Monero, Zcash, Fantomcoin and others.” Second, a backdoor was installed allowing cybercriminals to gain remote access to the victim’s computer after which it started to “operate in a silent mode,” allowing “the threat actor to remain unnoticed in the network and execute different commands, including the further installation of spyware tools.” Kaspersky says its analysis suggests the cybercriminals are of Russian origin, and the company has offered some tips to protect your PC against attack.  These include not downloading and opening unknown files from untrusted sources, avoiding sharing sensitive personal information in messenger apps and making sure to have reliable antivirus software installed on your machine.
Via rt.com
Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page April 21, 2018, 07:25:45 AM