Kaspersky Lab's report on Telegram hacking

Hackers used a vulnerability in the Telegram messenger to get Monero and ZCash, reports Kaspersky Lab, although in 2013 the messenger was founded and positioned as a highly secure app. It gained popularity among security-concerned users, including French President Emmanuel Macron, Islamic State terrorists, and the cryptocurrency community.

The Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method, used for coding languages that are written from right to left, like Arabic or Hebrew. Besides, it can also be used by malware creators to mislead users into downloading malicious files disguised, for example, as images. Attackers used a hidden Unicode character in the file name that reversed the order of the characters, thus renaming the file itself. As a result, users downloaded hidden malware which was then installed on their computers and used their processing power to mine currency or serve as a backdoor for attackers to distantly control a machine. Moreover, Kaspersky researchers discovered archives containing a cache of Telegram data that had been stolen from victims.

In order to protect your PC from any infection, Kaspersky Lab recommends the following: 

1. Do not download and open unknown files from untrusted sources;

2. Try to avoid sharing any sensitive personal information in instant messengers;

3. Install a reliable security solution such as Kaspersky Internet Security or Kaspersky Free that detects and protects you from all possible threats, including malicious mining software.