Russian cybercriminals found a sneaky way to generate funds last year: they tricked Telegram users into installing cryptocurrency miners.
For over six months, the hackers exploited a vulnerability in the desktop version of the messaging app to deliver mining software to unsuspecting victims, Kaspersky Lab said on Tuesday.
These scammers abused the software’s character encoding method to disguise malicious programs as seemingly harmless files. The trick involves a special Unicode character called the “right to left override,” which can let a programmer reverse the character order in a file name. An executable listed as “doc.exe,” for example, can suddenly look like “exe.doc.”
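One way a mail gateway or download handler could flag the trick described above, as an added example that is not code from Kaspersky Lab or Telegram: it lists the bidirectional control characters in a file name, compares the extension the operating system acts on with the one a user would see, and escapes the controls for logging. The sample names, the `RISKY_EXTENSIONS` list and the simplified display model are assumptions made for illustration.

```python
import os

RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
# Unicode bidirectional formatting characters that can change display order.
BIDI_CONTROLS = {
    "\u202a", "\u202b", PDF, "\u202d", RLO,   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",   # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                       # LRM, RLM
}
# Assumed list of extensions treated as executable; adjust per environment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".bat", ".cmd", ".com", ".pif", ".vbs"}

def escape_controls(name):
    """Make invisible bidi controls visible, e.g. for log lines or UI labels."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in name)

def approximate_display(name):
    """Simplified model: text after RLO is shown reversed until PDF or the end.
    Nested overrides and natively right-to-left scripts are not modelled."""
    shown, rtl_run, in_rlo = [], [], False
    for ch in name:
        if ch == RLO:
            in_rlo = True
        elif ch == PDF:
            shown.extend(reversed(rtl_run))
            rtl_run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored by this model
        elif in_rlo:
            rtl_run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(rtl_run))
    return "".join(shown)

def inspect_filename(name):
    """Compare the stored extension with the one a user would see."""
    controls = [f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(approximate_display(name))[1].lower()
    suspicious = bool(controls) and (
        real_ext != shown_ext or real_ext in RISKY_EXTENSIONS)
    return {"escaped": escape_controls(name), "controls": controls,
            "real_ext": real_ext, "shown_ext": shown_ext, "suspicious": suspicious}

if __name__ == "__main__":
    # Constructed sample names, not taken from the reported attacks.
    for sample in ["holiday_\u202egnp.exe", "invoice_\u202ecod.scr", "report.pdf"]:
        print(inspect_filename(sample))
```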
Kaspersky Lab said it found evidence of the attacks going back to last March, some of which successfully delivered cryptocurrency miners to victims’ computers. In some of the attacks, hackers sent files that appeared to be images, but really launched mining software designed to secretly generate the virtual currency Monero, Zcash, or Fantomcoin.
All the observed attacks occurred in Russia, according to Kaspersky Lab. Some of the computer code used in the schemes, along with an FTP server, also contained Russian-language text. In addition to mining cryptocurrencies, a separate set of attacks delivered malware that can take control of a computer.
The security firm learned of the vulnerability in October, and Telegram said it fixed the problem a month later.
It isn’t clear how many victims were targeted, but Telegram downplayed the threat. “Well, this is not a real vulnerability on Telegram Desktop,” a technical support channel for the messaging app said. “No one can remotely take control of your computer or Telegram unless you open a malicious file.”
Nevertheless, the number of cryptocurrency mining-related hacks continues to soar. Computers hit with mining malware can see a drop in performance, but anti-virus software can clean up the infection.