Zero-day vulnerability in Telegram - Securelist
released on 2018-02-13 @ 08:05:53 PM
In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service .At the first stage, a downloader is sent to the target, which is written in .Net, and uses Telegram API as the command protocol.