July 24, 2024 at 09:19AM
A zero-day security flaw in Telegram’s Android app called EvilVideo allowed attackers to share malicious files camouflaged as videos. The exploit appeared for sale in June 2024 and was addressed by Telegram in July’s version 10.14.5. Additionally, cybercriminals are leveraging the popularity of the Telegram-based game Hamster Kombat for monetary gain and have deployed Android malware.
From the meeting notes, it is clear that there were discussions about various cybersecurity threats and malware targeting Telegram and Android devices. The notes mention the zero-day security flaw in Telegram’s mobile app called EvilVideo, which allowed attackers to disguise malicious files as harmless-looking videos. This issue was addressed by Telegram in version 10.14.5 released on July 11.
Additionally, the notes highlight the exploitation of the Telegram-based cryptocurrency game Hamster Kombat for monetary gain by cyber criminals. It is estimated that this game has more than 250 million players, and the success of the game has attracted malicious actors who have deployed malware targeting the players.
Furthermore, the notes mention the BadPack Android malware, which uses specially crafted package files to obstruct static analysis and install malicious artifacts without raising red flags.
These meeting notes emphasize the evolving nature of cybersecurity threats targeting popular platforms like Telegram and Android devices, and the need for proactive measures to mitigate these risks.