The ruling, which affected the desktop version of the messaging application and has already been tackled, was exploited since march of 2017.

The mining of criptomonedas without permission has become a growing threat. And this threat has been the subject of a vulnerability zero-day discovered in the desktop application Telegram.

So what has been revealed by Kaspersky Lab, whose analysts discovered attacks “in the wild” with a piece of malware, new that exploited the vulnerability. The criminals, apparently of Russian origin, took advantage of the method Unicode RLO to encourage the download of a file you downloaded malware, multi-purpose computers of their victims. This malware could be used as a backdoor or as a tool for the distribution of software criptominería.

The vulnerability had been exploiting since march of 2017 for the functionality of mining in relation to currencies like Monero and Zcash. The bug has already been corrected by Telegram, which was alerted by the security experts.

“The popularity of instant messaging services is very high, so it is important that developers provide adequate protection to its users so that they do not become easy targets for criminals”, says Alexey Firsh, analyst malware for the investigation of targeted attacks at Kaspersky Lab.

Firsh confirms that “we found several scenarios for the exploitation of zero-day that, in addition to malware, general and spyware, has been used to install software mining. These infections,”, he warns, “they have become a global trend,”.