The exploit involved a classic right-to-left override (RLO) attack triggered when a file is sent through the messenger. The bug exploited how Telegram handles the special non-printing RLO character (U+202E), which is used to switch the display direction of text between left-to-right and right-to-left. Attackers discovered that they could leverage this character to trick users into opening an executable file, since the filename would appear partially or completely reversed on screen.
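The following is an added example, not code from the article or from Telegram or Kaspersky, showing the defensive side of the technique described above: it flags filenames that carry Unicode bidirectional control characters, approximates how a bidi-naive viewer would display such a name, and recovers the extension the operating system will actually use. The sample filenames in it are constructed for illustration.

```python
"""Detect the right-to-left override (U+202E) and related bidi control characters
in filenames, and compare the displayed name with the extension the OS will use.
Added example with constructed sample names; not the article's or Telegram's code."""

# Unicode bidirectional control characters that can reorder or hide text.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF", "\u202D": "LRO",
    "\u202E": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200E": "LRM", "\u200F": "RLM",
}

# Extensions we treat as executable for the purpose of this example.
EXECUTABLE_EXTENSIONS = ("js", "exe", "scr", "bat", "cmd", "vbs", "ps1", "jar")


def find_bidi_controls(name):
    """Return (index, short name) for every bidi control character in the filename."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def displayed_form(name):
    """Approximate what a viewer that honours RLO shows: the text after an RLO,
    up to a PDF (U+202C) or the end of the string, is rendered in reverse order.
    Other control characters are invisible and are dropped from the display."""
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            j = name.find("\u202C", i + 1)
            end = len(name) if j == -1 else j
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            if ch not in BIDI_CONTROLS:
                out.append(ch)
            i += 1
    return "".join(out)


def true_extension(name):
    """The extension the OS uses: text after the last dot, with controls stripped."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[-1].lower() if "." in clean else ""


def analyze_filename(name):
    """Summarise a filename: how it displays, what it really is, and whether the
    combination (bidi control present and executable extension) looks like an
    RLO spoofing attempt."""
    controls = find_bidi_controls(name)
    ext = true_extension(name)
    return {
        "actual": name,
        "displayed_as": displayed_form(name),
        "bidi_controls": controls,
        "true_extension": ext,
        "suspicious": bool(controls) and ext in EXECUTABLE_EXTENSIONS,
    }


if __name__ == "__main__":
    # Constructed sample: a JavaScript file that displays as "photo_high_resj.png".
    for sample in ("photo_high_re\u202Egnp.js", "report.pdf"):
        print(analyze_filename(sample))
```

A mail gateway or chat client can run `analyze_filename` on every attachment name and either strip the control characters before display or block names where `suspicious` is true; the `displayed_as` value is useful in alerts because it shows analysts exactly what the victim would have seen.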
How Does This Zero-day Bug Work?
Hackers have exploited this zero-day for various purposes: they can take full control of the victim's computer, or install mining malware that mines crypto-currencies on the target system. The attacks have also been used to steal Telegram directories from victims, which may contain information about their personal communications and transferred files. The backdoor enabled attackers to carry out varied malicious operations, including extracting web history archives and launching and deleting files.
Who Exploited the Telegram Zero-day?
The researchers also reported that, while investigating this zero-day, they found several commands written in Russian. They point out that Russian-speaking actors who knew about this vulnerability may have exploited it. Moreover, the researchers found many artifacts pointing to the involvement of Russian cybercriminals.
Kaspersky noted that they do not know for how long, or which versions of the Telegram products, were affected by this bug, so they recommend that users do not download or open any type of image or PDF file from unknown sources.
If you would like to read the full technical details about this zero-day, see Kaspersky's Securelist write-up.