Feb 13, 2018

Text processing glitch cleared way for hackers on chat app Telegram

Telegram Messanger. Sergei Konkov / Getty

If a file titled "article_in_wsj.jpg" looks like a it might be an image file, criminals might be able to trick you into clicking a nasty link through the messaging app, Telegram. A file name processing glitch already being exploited in the wild makes it easy to make one file type seem like another.

In the wild: Researchers at the Kaspersky Lab noticed that Telegram did not check to make sure the app does not reverse the file type and found several instances of the issue dating back to March of last year. Their findings included cryptocurrency mining malware and opening backdoors into systems. The trick seemed to be popular for Russian criminals. Telegram has since patched the vulnerability.

How it works : To allow filenames in languages that read from right to left, Telegram recognizes a formatting marker called a right-to-left override (RLO) character. Any text after a RLO is displayed from right to left. Flip the right letters in "123gpj.js" and you get "1234sj.jpg," turning an potentially malware-hiding javascript (.js) file into what looks like an jpeg image.

Go deeper

Axios
3 hours ago - Health

Fauci says if people won't wear masks, maybe it should be mandated

Anthony Fauci. Photo: Graeme Jennings- Pool/Getty Images

NIAID director Anthony Fauci told CNN on Friday evening that if "people are not wearing masks, then maybe we should be mandating it."

Why it matters: Fauci made the comments the same day the U.S. hit its highest daily COVID-19 case count since the pandemic began.

Go deeper (1 min. read)Arrow
Axios
3 hours ago - Politics & Policy

Harris to Black voters: Casting a ballot is about honoring your ancestors

Democratic vice presidential nominee Kamala Harris speaks at a "Get Out The Vote" rally at Morehouse College. Photo: Elijah Nouvelage/AFP via Getty Images

Sen. Kamala Harris appealed to Black voters in Georgia on Friday, urging them to "honor the ancestors" by casting ballots, and again calling President Trump a "racist."

Why it matters: The U.S. saw a significant decline in African-American voter turnout between 2012 and 2016, reaching its lowest point since 2000. Higher turnout among Black Americans this year could tip the balance in favor of Democrats in key battleground states, including Georgia.

Go deeper (1 min. read)Arrow
Axios
Updated 3 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Politics: Fauci: Trump hasn't been to a COVID task force meeting in months.
  2. Sports: The youth sports exodus continues — Big Ten football is back.
  3. Health: U.S. hits highest daily COVID-19 case count since pandemic began —AstraZeneca to resume vaccine trial in U.S.How to help save 130,000 lives.
  4. Retail: Santa won't greet kids at Macy's this year.
  5. World: Spain and France exceed 1 million cases.
Go deeper (1 min. read)Arrow