Stories

Joe Uchill Feb 13
SaveSave story

Text processing glitch cleared way for hackers on chat app Telegram

Telegram
Telegram Messanger. Sergei Konkov / Getty

If a file titled "article_in_wsj.jpg" looks like a it might be an image file, criminals might be able to trick you into clicking a nasty link through the messaging app, Telegram. A file name processing glitch already being exploited in the wild makes it easy to make one file type seem like another.

In the wild: Researchers at the Kaspersky Lab noticed that Telegram did not check to make sure the app does not reverse the file type and found several instances of the issue dating back to March of last year. Their findings included cryptocurrency mining malware and opening backdoors into systems. The trick seemed to be popular for Russian criminals. Telegram has since patched the vulnerability.