July 23, 2024 at 08:15AM
ESET has warned of a zero-day exploit affecting Telegram for Android, allowing threat actors to distribute malicious files disguised as videos. The vulnerability, dubbed EvilVideo, auto-downloads payloads containing APK files presented as multimedia previews. Users are advised to update their app to version 10.14.5 to address this issue.
Based on the meeting notes, here are the key takeaways:
– Threat actors have exploited a vulnerability in Telegram for Android to distribute malicious files disguised as videos.
– The security defect, named EvilVideo, utilized a zero-day exploit targeting Telegram for Android and could deliver payloads containing APK files.
– The exploit took advantage of Telegram’s default automatic download of multimedia files and tricked users into installing a malicious application posing as a video player.
– The vulnerability was reported to Telegram in late June and patched on July 11, with an advisory for users to update the application to version 10.14.5.
– ESET identified and reported the exploit, which had been available for sale since early June.
This information highlights the urgency for users to update their Telegram for Android application to the patched version to secure against the EvilVideo vulnerability.