ESET researchers have uncovered a critical zero-day vulnerability in the Telegram messaging app for Android, named “EvilVideo,” which has the potential to expose millions of users to malicious attacks. This security flaw, affecting Telegram versions 10.14.4 and earlier, allows attackers to disguise harmful Android payloads as seemingly benign video files. These malicious files can be distributed through Telegram channels, groups, and private chats, leveraging Telegram’s default setting to automatically download media files, thus facilitating the spread of the exploit.
The vulnerability was first detected on June 6, 2024, when ESET found an advertisement for the exploit on an underground forum. The seller, using the alias “Ancryno,” claimed the exploit worked with Telegram versions 10.14.4 and older. ESET researchers were able to trace the channel, obtain the payload, and conduct a thorough analysis. The exploit delivers an Android payload that appears in the chat as a 30-second video. When the recipient tries to play it, Telegram suggests opening it with an external player; accepting that suggestion leads to the installation of a malicious app, which is in fact an .apk file disguised as a multimedia file.
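Because the flaw hinges on a file that looks like a video to the user but is really an Android package, and because Telegram's auto-download setting places such files on disk before anyone taps them, a useful defender's check is to classify downloaded media by content rather than by name or preview. The following script is an added example, not code from ESET or Telegram: it sniffs the container format from the leading bytes, treats a ZIP archive carrying `AndroidManifest.xml` or `classes.dex` as an APK, and flags any such file that carries a video extension. The sample files it scans are constructed in memory; the download directory path in `main()` is a placeholder assumption.

```python
"""Added example: flag Android packages that are named or presented as video.

Not part of the ESET report or the Telegram code base. Detection is purely
content-based, so a file called funny_clip.mp4 that is really an APK is caught.
"""
import io
import sys
import zipfile
from dataclasses import dataclass
from pathlib import Path, PurePath

ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")   # ZIP local/EOCD/spanned headers
VIDEO_EXTENSIONS = {".mp4", ".m4v", ".mov", ".3gp", ".mkv", ".webm", ".avi"}
VIDEO_CONTAINERS = {"iso-bmff", "matroska", "avi"}
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}        # present in every real APK


def sniff_container(data: bytes) -> str:
    """Identify the container format from leading bytes, ignoring the filename."""
    if data[:4] in ZIP_MAGICS:
        return "zip"                                          # APK, JAR, plain ZIP, ...
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "iso-bmff"                                     # MP4 / MOV / 3GP family
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"                                     # MKV / WebM
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    return "unknown"


def is_android_package(data: bytes) -> bool:
    """A readable ZIP whose entry list contains an APK marker is treated as an APK."""
    if sniff_container(data) != "zip":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False                                          # truncated or fake ZIP header
    return bool(APK_MARKERS & names)


@dataclass
class Finding:
    filename: str
    container: str
    verdict: str   # ok | apk-declared | apk-disguised-as-video | apk-misnamed | type-mismatch


def assess(filename: str, data: bytes) -> Finding:
    """Compare what the name claims with what the bytes actually are."""
    ext = PurePath(filename).suffix.lower()
    container = sniff_container(data)
    if is_android_package(data):
        if ext == ".apk":
            verdict = "apk-declared"                          # honest APK, still review it
        elif ext in VIDEO_EXTENSIONS:
            verdict = "apk-disguised-as-video"                # the EvilVideo pattern
        else:
            verdict = "apk-misnamed"
    elif ext in VIDEO_EXTENSIONS and container not in VIDEO_CONTAINERS:
        verdict = "type-mismatch"                             # claims video, bytes disagree
    else:
        verdict = "ok"
    return Finding(filename, container, verdict)


def scan_directory(root: Path) -> list[Finding]:
    """Assess every regular file under root (e.g. a device's Telegram media folder)."""
    return [assess(p.name, p.read_bytes()) for p in root.rglob("*") if p.is_file()]


def build_fake_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with the marker entries, no real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


# Constructed minimal MP4 header (ftyp box) standing in for a genuine video.
FAKE_MP4 = b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00mp42isom" + b"\x00" * 32


def main() -> None:
    # Placeholder path (assumption); on a real device point this at the Telegram media folder.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    samples = [("funny_clip.mp4", build_fake_apk()), ("clip.mp4", FAKE_MP4),
               ("tool.apk", build_fake_apk())]
    findings = scan_directory(root) if root else [assess(n, d) for n, d in samples]
    for f in findings:
        print(f"{f.verdict:26} {f.container:9} {f.filename}")


if __name__ == "__main__":
    main()
```

The check deliberately does not trust the extension in either direction: a `.mp4` whose bytes are not a known video container is reported as `type-mismatch` even when it is not an APK, while a `.apk` that really is one is reported as `apk-declared` so an analyst can still review it.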
Following their discovery, ESET reported the vulnerability to Telegram on June 26, 2024, and again on July 4, 2024. Telegram responded promptly, releasing a security patch in version 10.14.5 on July 11, 2024, to address the flaw. While there is no concrete evidence that the exploit has been used in real-world attacks, the potential risk is significant given Telegram’s widespread use, with over a billion downloads of its Android app. The threat actor behind EvilVideo also offers an Android cryptor-as-a-service, further indicating the exploit’s potential for harm.
Users are strongly advised to update their Telegram apps to the latest version and exercise caution when interacting with media files from unknown sources. This incident underscores the persistent risks in the digital landscape and highlights the crucial role of cybersecurity research in identifying and mitigating emerging threats. The discovery and resolution of this vulnerability serve as a reminder of the ongoing need for vigilance and proactive security measures in protecting digital communications.