Feb 13, 2018

Text processing glitch cleared way for hackers on chat app Telegram


Telegram Messenger. Sergei Konkov / Getty

If a file titled "article_in_wsj.jpg" looks like it might be an image file, criminals might be able to trick you into clicking a nasty link through the messaging app Telegram. A file name processing glitch that is already being exploited in the wild makes it easy to make one file type seem like another.

In the wild: Researchers at Kaspersky Lab noticed that Telegram did not check that the app would not reverse the displayed file type, and they found several instances of the issue dating back to March of last year. Their findings included cryptocurrency mining malware and malware that opened backdoors into systems. The trick seemed to be popular among Russian criminals. Telegram has since patched the vulnerability.

How it works: To allow filenames in languages that read from right to left, Telegram recognizes a formatting marker called a right-to-left override (RLO) character. Any text after an RLO is displayed from right to left. Flip the right letters in "123gpj.js" and you get "123sj.jpg," turning a potentially malware-hiding JavaScript (.js) file into what looks like a JPEG image.
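A check a receiving application or mail filter could run on incoming file names, shown here as an added example that is not from the article, Kaspersky Lab or Telegram. The function names and the sample name are constructed for illustration, and the display function is a simplification that handles a single RLO only.

```python
import os
import unicodedata

# Unicode bidirectional controls that can change the displayed order of text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}
RLO = "\u202e"

def find_bidi_controls(name):
    """Return (index, Unicode name) for every bidi control in a file name."""
    return [(i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
            for i, ch in enumerate(name) if ch in BIDI_CONTROLS]

def real_extension(name):
    """Extension in stored order, which is what the operating system acts on."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(stripped)[1].lower()

def approximate_display(name):
    """Simplified rendering: everything after a single RLO is shown reversed."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name

def escape_for_display(name):
    """Make the controls visible so a UI or log shows the stored order."""
    return "".join(f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch
                   for ch in name)

def check(name):
    """Summarise what the user would see versus what the file really is."""
    return {
        "suspicious": bool(find_bidi_controls(name)),
        "shown_as": approximate_display(name),
        "real_ext": real_extension(name),
        "safe_label": escape_for_display(name),
    }

# Constructed sample based on the article's file name, with an RLO after "123".
SAMPLE = "123" + RLO + "gpj.js"

if __name__ == "__main__":
    for key, value in check(SAMPLE).items():
        print(f"{key}: {value}")
```

A name flagged as suspicious can be rejected outright or shown using the escaped label, so the user sees the stored extension rather than the reordered one.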
