By Consultants Review Team
Cybersecurity researchers at ESET have found a serious security flaw in the Telegram app for Android smartphones. The flaw, exploited as a zero-day, lets attackers deliver malicious files over Telegram chats that appear to be normal videos. The exploit, known as "EvilVideo," was discovered in June 2024 on an underground forum.
How the "EvilVideo" Exploit Works
The vulnerability lets attackers distribute malicious files disguised as harmless 30-second videos. These files can be sent through Telegram groups, channels, and private conversations. If the automatic download option is enabled, videos that users receive on Telegram are generally downloaded automatically. Consequently, the malicious file begins to download the moment the recipient opens the conversation.
Lukas Stefanko, an ESET researcher, and his colleagues came across this exploit while monitoring underground forums. They found a seller demonstrating the exploit's capabilities in a public Telegram channel. ESET then gained access to this channel and downloaded the malicious file for analysis. Their analysis confirmed that the vulnerability affected Telegram versions prior to 10.14.5. To pass these malicious files off as videos, the attackers took advantage of the Telegram API, which allows developers to create and share content. When users tried to play the "video," Telegram would report a playback problem and recommend using another app; if they followed the suggestion, they would end up installing a malicious program.
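A defender-side check for the disguise described above, added here as an example and not code from ESET or Telegram: it classifies a file by its leading bytes instead of its name or declared type. It assumes the disguised payload is an Android package (a ZIP archive containing AndroidManifest.xml); the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

VIDEO_EXTS = (".mp4", ".m4v", ".mov", ".3gp", ".mkv", ".webm")

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring name and declared type."""
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "mp4"        # ISO base media file (MP4/MOV/3GP)
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"   # MKV/WebM (EBML header)
    if data[:4] == b"PK\x03\x04":
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "zip"    # ZIP magic but unreadable archive
        # Assumption: an Android package is a ZIP holding AndroidManifest.xml
        return "apk" if "AndroidManifest.xml" in names else "zip"
    return "unknown"

def triage(name: str, declared_mime: str, data: bytes) -> str:
    """Compare what a received file claims to be with what its bytes are."""
    claims_video = (declared_mime.startswith("video/")
                    or name.lower().endswith(VIDEO_EXTS))
    if not claims_video:
        return "not-video"
    kind = sniff(data)
    if kind in ("mp4", "matroska"):
        return "ok"
    if kind == "apk":
        return "block: Android package presented as video"
    return "review: not a recognised video container"

def _constructed_apk() -> bytes:
    # Constructed sample: a ZIP with the entry names of a package, no real code
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed")
        z.writestr("classes.dex", b"constructed")
    return buf.getvalue()

# Constructed sample: a 24-byte MP4 'ftyp' box header
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2"
SAMPLE_APK = _constructed_apk()

if __name__ == "__main__":
    for label, data in (("video header", SAMPLE_MP4), ("package named .mp4", SAMPLE_APK)):
        print(label, "->", triage("clip.mp4", "video/mp4", data))
```
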
Telegram's Response and Fix
ESET discovered this problem on June 26, 2024, and immediately alerted Telegram. At first there was no reply. On July 4, however, Telegram received a second report and quickly launched an investigation. The problem was fixed on July 11, 2024, with the release of app version 10.14.5. Users who update to this version are no longer susceptible to this attack.
To stay safe, users should update to the most recent version of the Telegram client. ESET's blog post on WeLiveSecurity.com, titled "Cursed tapes: Exploiting the EvilVideo vulnerability in Telegram for Android," has further details. ESET Research also posts updates on its Twitter account (Twitter is now named X).
By getting people to download malicious files merely by opening a conversation, the "EvilVideo" vulnerability posed a significant risk. Telegram and ESET responded quickly, and as a result the vulnerability was fixed in the most recent app version. Users are advised to update their apps to guard against these kinds of attacks.