Kaspersky Says Telegram Flaw Used for Cryptocurrency Mining (bloomberg.com)
18 points by jonbaer 6 months ago | 4 comments



Seeing this on Hacker News again, this time from Bloomberg, is so mind numbingly frustrating. I already contested this story when it first showed up on HN 14 hours ago: https://news.ycombinator.com/item?id=16366754. But time is a flat circle.

Sigh.

1. This is not a vulnerability in Telegram. This is a vulnerability in the way Windows processes malicious RLO characters in downloaded files. See: https://cdn.securelist.com/files/2018/02/180212-telegram-vul.... The users must click past the security warning (unless they have manually disabled it in system settings), download the file to their machine, and run it.

2. This vulnerability is a phishing vector, not a "0-day" (which these days, is a marketing term). It allows you to send a user a file to compromise their machine, not the Telegram desktop application. Telegram is therefore the channel which can be used to execute a phishing attack. An email client would also be a channel.

Kaspersky is trying to get eyeballs by checking off a bunch of boxes in the tech zeitgeist: Telegram, controversy over Telegram's security, cybercrime, cryptocurrencies and mining. They've baked a narrative that is specifically designed to market Kaspersky's services to its readers by dropping a bunch of keywords - the scenarios presented are so far removed from the standalone technicalities of the vulnerability that it's no longer even honest.

Exploitive security marketing and the uninformed journalism that follows it around is going to give me an ulcer.
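A defender-side check for the RLO trick this comment and the quoted Kaspersky text describe, added here as an example (my code, not Kaspersky's or Telegram's): it flags Unicode bidi control characters in a file name and compares the extension the OS will actually use with the one a bidi-aware display would show the user. The rendering step is a deliberate simplification of the Unicode bidi algorithm, assumed good enough to expose extension spoofing.

```python
import os

# Unicode bidirectional control characters. They change how a string is
# rendered, not its bytes; an RLO (U+202E) makes everything after it display
# right-to-left, so "photo_\u202egpj.scr" renders as "photo_rcs.jpg".
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM",
}


def find_bidi_controls(name):
    """Return (index, abbreviation) for every bidi control in a file name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def rendered_name(name):
    """Approximate how a bidi-aware UI shows the name: text after an RLO/RLE
    is reversed until a PDF (U+202C) or end of string, and other control
    characters are invisible. Assumption: this simplified model of the bidi
    algorithm is enough to reveal a spoofed extension."""
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c in ("\u202e", "\u202b"):
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
            continue
        if c not in BIDI_CONTROLS:
            out.append(c)
        i += 1
    return "".join(out)


def assess_filename(name):
    """Compare the extension the OS will use with the one the user sees."""
    real_ext = os.path.splitext(name)[1].lower()
    shown = rendered_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    controls = find_bidi_controls(name)
    return {
        "real_ext": real_ext,
        "rendered": shown,
        "rendered_ext": shown_ext,
        "bidi_controls": controls,
        "suspicious": bool(controls) or real_ext != shown_ext,
    }
```

On a mail or chat gateway the same check can run over attachment names before they reach a user, since the trick is not specific to Telegram.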


"Attackers used a hidden Unicode character in the file name that reversed the order of the characters, thus renaming the file itself. As a result, users downloaded hidden malware which was then installed on their computers"

Feels like Telegram should be on the hook for protecting against this. It does work with email too, and it's not really Telegram's fault. Nonetheless, the expectation for them to deal with it seems reasonable to me.


I found the article a bit light on details, so I checked the linked report at https://www.kaspersky.com/about/press-releases/2018_hackers-...

> Attackers used a hidden Unicode character in the file name that reversed the order of the characters, thus renaming the file itself. As a result, users downloaded hidden malware which was then installed on their computers.

> Secondly, upon successful exploitation of the vulnerability, a backdoor that used the Telegram API as a command and control protocol was installed, resulting in the hackers gaining remote access to the victim’s computer.


"While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims." more worried about that than the rest.



