Date: 2024-07-24

Cybersecurity researchers at ESET have uncovered a significant security flaw in the Telegram app for Android devices. A zero-day exploit for this vulnerability allows attackers to send malicious files that masquerade as regular videos via Telegram chats. Dubbed "EvilVideo," this exploit was discovered on an underground online forum in June 2024.

How the "EvilVideo" Exploit Works

The exploit enables hackers to distribute dangerous files disguised as innocent 30-second videos. These files can be sent through Telegram channels, groups, or private chats. Typically, when users receive videos on Telegram, they are automatically downloaded, provided the setting is enabled. As a result, the harmful file gets downloaded as soon as the recipient opens the chat.

ESET researcher Lukas Stefanko and his team discovered this exploit while monitoring secret online forums. They encountered a seller demonstrating the exploit's functionality in a public Telegram channel. ESET subsequently accessed this channel and obtained the malicious file for testing. Their experiments confirmed that the exploit affected older versions of Telegram, specifically those before version 10.14.5. The hackers exploited the Telegram API, a tool for developers to create and upload content, to disguise these harmful files as videos. When users attempted to play the "video," Telegram would indicate playback issues and suggest using another app, leading to the installation of a malicious application if the user complied.
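
A defender-side triage check for the behaviour described above, added here as an example and not taken from ESET or Telegram: it flags a download presented as a video whose bytes are actually an Android package, and tests whether a Telegram for Android version predates 10.14.5. It assumes the disguised payload is an APK (the article only says a malicious application gets installed); the function names, the `declared_mime` field and the sample bytes are constructed for illustration.

```python
import io
import zipfile

FIXED_VERSION = (10, 14, 5)  # first patched Telegram for Android release, per the article


def is_affected(version: str) -> bool:
    """True if a dotted Telegram for Android version string predates the fix."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED_VERSION


def classify(data: bytes) -> str:
    """Classify a download by its content, ignoring its name and declared type."""
    if data[4:8] == b"ftyp":  # MP4/MOV files begin with an ISO base media 'ftyp' box
        return "video"
    if data[:4] == b"PK\x03\x04":  # ZIP local file header; an APK is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "AndroidManifest.xml" in zf.namelist():
                    return "apk"
        except zipfile.BadZipFile:
            return "corrupt-zip"
        return "zip"
    return "unknown"


def video_is_really_apk(name: str, declared_mime: str, data: bytes) -> bool:
    """Flag a file shown as a video (by name or hypothetical MIME field) that is an APK."""
    as_video = declared_mime.startswith("video/") or name.lower().endswith((".mp4", ".mov", ".mkv"))
    return as_video and classify(data) == "apk"


def build_sample_apk() -> bytes:
    """Constructed, harmless stand-in: a ZIP holding a placeholder AndroidManifest.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
    return buf.getvalue()


SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16  # constructed MP4 header only

if __name__ == "__main__":
    print(video_is_really_apk("clip.mp4", "video/mp4", build_sample_apk()))
    print(is_affected("10.14.4"))
```
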

Telegram's Response and Fix

ESET detected this issue on June 26, 2024, and promptly notified Telegram. Initially, there was no response. However, upon a second report on July 4, Telegram responded swiftly and began investigating. The issue was resolved with the release of a new app version, 10.14.5, on July 11, 2024. This update ensures users are no longer vulnerable to this exploit if they update their app.

To remain safe, users should update their Telegram app to the latest version. Detailed information can be found in ESET's blog post titled "Cursed tapes: Exploiting the EvilVideo vulnerability in Telegram for Android" on WeLiveSecurity.com. Additionally, ESET Research provides updates on Twitter (now called X).

The "EvilVideo" exploit posed a serious threat by tricking users into downloading harmful files merely by opening a chat. Thanks to the prompt actions of ESET and Telegram, the vulnerability has been addressed in the latest app update. Users are advised to keep their apps updated to protect against such threats.

