Telegram zero-day allowed sending malicious Android APKs as videos

July 22, 2024 at 10:47AM

Summary:
The “EvilVideo” zero-day vulnerability in Telegram for Android allowed threat actors to send malicious APK payloads disguised as video files. ESET researchers discovered the flaw and notified Telegram, which released a patch in version 10.14.5. The exploit required multiple steps for execution, reducing the risk of successful attacks. Users were advised to scan and remove any suspicious files.

Key takeaways:

– A zero-day vulnerability in Telegram for Android, called ‘EvilVideo’, was discovered, allowing threat actors to send malicious Android APK files disguised as video files.
– The vulnerability was initially sold on a hacking forum by a threat actor named ‘Ancryno’, and ESET researchers confirmed its existence and named it ‘EvilVideo’.
– ESET researchers reported the flaw to Telegram, and the company responded by investigating and releasing a patch in version 10.14.5 on July 11, 2024.
– The exploit allowed threat actors to create specially crafted APK files that appeared as embedded videos in Telegram for Android, potentially leading to the installation of malicious payloads on users’ devices.
– The exploit does not work on Telegram’s web client or desktop versions and has been remediated in version 10.14.5.

Individuals who may have received, via Telegram, video files that requested an external app to play them are advised to perform a filesystem scan using a mobile security suite to locate and remove any potential payloads from their devices.
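As an added illustration (not code from the article, ESET or Telegram), the sketch below shows the kind of content-based check such a scan relies on: it identifies Android packages by their ZIP structure and `AndroidManifest.xml` entry rather than by file name, and separately flags any that carry a video extension. The extension list, the function names and the sample files are assumptions constructed for the example; the article does not say what name or extension the payload has on disk.

```python
import os
import tempfile
import zipfile

# Extensions treated as "video" here are an assumption, not taken from the article.
VIDEO_EXTS = {".mp4", ".mkv", ".mov", ".avi", ".webm", ".3gp"}


def classify(path):
    """Return 'apk-as-video', 'apk', or None, judging by content, not by name."""
    try:
        if not zipfile.is_zipfile(path):
            return None
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
    except (OSError, zipfile.BadZipFile):
        return None  # unreadable or truncated archive: nothing to report
    if "AndroidManifest.xml" not in names:
        return None  # an ordinary ZIP, not an Android package
    ext = os.path.splitext(path)[1].lower()
    return "apk-as-video" if ext in VIDEO_EXTS else "apk"


def scan(root):
    """Walk root and list (relative path, verdict) for every APK found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                findings.append((os.path.relpath(full, root), verdict))
    return sorted(findings)


def build_demo_tree(root):
    """Constructed sample files standing in for a download folder."""
    with open(os.path.join(root, "clip.mp4"), "wb") as f:
        f.write(b"\x00\x00\x00\x18ftypisom" + b"\x00" * 64)  # plain video header
    for name, entry in (("holiday.mp4", "AndroidManifest.xml"),
                        ("update.apk", "AndroidManifest.xml"),
                        ("notes.zip", "readme.txt")):
        with zipfile.ZipFile(os.path.join(root, name), "w") as zf:
            zf.writestr(entry, b"constructed placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        for rel, verdict in scan(demo):
            print(f"{verdict:13} {rel}")
```

A hit only means the file is an Android package; whether it is malicious still has to be decided by the security suite or by inspecting the package.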