Telegram recently patched a critical vulnerability in its Android app.
The flaw allowed hackers to exploit the platform to send dangerous files disguised as video files.
The threat actor behind this exploit remains unidentified.
Telegram recently patched a critical vulnerability in its Android app that allowed hackers to exploit the platform to send dangerous files disguised as video files. The zero-day exploit, which appeared for sale on an underground forum on June 6th, 2024, was named “EvilVideo” by researchers at ESET. The exploit leveraged a flaw that let attackers share malicious payloads via Telegram channels, groups, and chats, making them look like harmless multimedia files.
ESET’s team discovered the exploit and analysed it before reporting it to Telegram on June 26th. Then, Telegram released an update on July 11th that fixed the vulnerability in Telegram versions 10.14.5 and above. This update has now patched the issue and protected users from the threat.
Also read: Telegram introduces Copilot chatbot within the app: Here’s how to use it
How the Exploit Worked
The EvilVideo exploit targeted Telegram versions 10.14.4 and older. It worked by creating a malicious payload that appeared as a 30-second video file in chat. When users attempted to play this file, Telegram would prompt them to install an external player, which was actually a disguised malicious app. The payload would automatically download if users had their settings to auto-download media files, or they could manually download it by tapping the download button.
Interestingly, the exploit did not work on Telegram’s Web or Desktop clients. The Web client treated the file as an MP4, while the Desktop client appended an extra .mp4 extension to the APK file, preventing the exploit from executing.
Also read: Telegram rolls out 7 new features: Here’s what you should know
Threat Actor and Further Actions
The threat actor behind this exploit remains largely unidentified, though they were also found to offer other malicious services on the same underground forum. Despite this, Telegram’s prompt response to the vulnerability highlights its commitment to user security.
The EvilVideo vulnerability has now been patched, ensuring that users of Telegram for Android are no longer at risk from this specific exploit. It’s a reminder of the importance of keeping apps updated to protect against potential threats.
Follow Us
Ayushi Jain
Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds. View Full Profile
