Malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware. Kaspersky researcher Alexey Firsh says crooks appear to have used the flaw for months before he discovered it last October. He says the vulnerability is in how the Telegram Windows client handles the RLO (right-to-left override) Unicode character. The RLO character is used to switch between RTL to LTR text display directions.
Source: https://www.bleepingcomputer.com/news/security/telegram-0-day-used-to-spread-monero-and-zcash-mining-malware/