The attack is the latest case of an ongoing cryptojacking trend that recently saw hackers hijack millions of Android devices to mine Monero. The trend seemingly picked up when popular torrent-index website The Pirate Bay experimented mining Monero with user's PCs as an alternative to running ads.
Per the cybersecurity firm's report, hackers have been exploiting the vulnerability since March 2017. To infect users, cybercriminals took advantage of a feature that allows Telegram to recognize text in Arabic and Hebrew, languages written from right to left.
Hackers used a hidden character in the feature that reversed the order of the characters, effectively allowing them to rename files. This way, they tricked users into installing files with malware in it, that then used their computers to mine cryptocurrencies, and potentially gave them backdoor access to the victim's machine. In one case, researchers found archives containing a Telegram local cache stolen from a victim.