ESET Finds Zero-Day Exploit "EvilVideo" Targeting Telegram on Android

01 Aug 2024

In a recent development that underscores the ongoing battle between cybersecurity and malicious actors, researchers have unveiled a zero-day exploit targeting the Telegram messaging app on Android devices. This vulnerability, identified by the Slovakia-based cybersecurity firm ESET and dubbed “EvilVideo,” could have enabled attackers to send harmful payloads masquerading as legitimate multimedia files.

Details of the Exploit

The exploit was discovered on an underground forum in early June, where it was being sold by a user known as “Ancryno.” The seller showcased the exploit through screenshots and a video demonstrating its functionality within a public Telegram channel. This exploit leveraged Telegram’s default setting, which automatically downloads media files, allowing attackers to send malicious payloads through channels, groups, and chats.

While users could manually disable the automatic download feature, the risk remained if they inadvertently tapped the download button for a shared file. Upon attempting to play what appeared to be a video, users would receive a message indicating that the file could not be played, with a suggestion to use an external player. This is where the malicious intent lay; hackers had disguised a harmful application as this external player.

Fortunately, Telegram addressed this vulnerability in versions 10.14.5 and above, released earlier this month. In the updated version, any malicious file shared in a chat is now accurately displayed as an application, rather than a video, thereby mitigating the risk of inadvertent installation.

Potential Impact and Unknowns

Despite the patch, the exploit had a window of approximately five weeks during which it could have been exploited. However, ESET has not confirmed whether it was actively used in the wild. The identity of the hacker group or individual behind this exploit remains unclear, as does their intended use for it and its overall effectiveness.

Adding another layer of intrigue, the same underground forum account that advertised the EvilVideo exploit has also promoted Android cryptomining-as-a-service malware, claiming it to be fully undetectable. This raises further questions about the capabilities and intentions of those operating in the shadows of the digital landscape.

Does Telegram app work in UK?

Yes, the Telegram app works in the UK. It is available for download on various platforms, including iOS, Android, and desktop computers. Users in the UK can access all of Telegram's features, such as messaging, group chats, channels, and more, provided they have an active internet connection.

How to get a free phone number for Telegram?

To get a free phone number for Telegram, you can use services like Google Voice (available in the U.S.), TextNow, or other similar online services that offer temporary or virtual phone numbers. Sign up for one of these services, obtain a phone number, and use it to register your Telegram account. Note that some services may have limitations based on your location.

Update: 01 Aug 2024

Top charts for Mobile Android

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
5729236
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1031564
downloads
Minecraft

Minecraft

Latest update Minecraft download for free for Windows PC or Android mobile

5
750 reviews
441207
downloads
Geometry Dash

Geometry Dash

Latest update Geometry Dash download for free for Windows PC or Android mobile

4
539 reviews
373291
downloads

News and reviews for Mobile Android

Latest Insights on Android Deals Highlight Game Opportunities

Latest Insights on Android Deals Highlight Game Opportunities

Discover Thursday's top Android game and app deals with notable discounts on Google Play, bringing a range of engaging options for users. Explore a wealth of offerings like Smart DNS Changer Pro, Chronomon, Wreckfest, and more alongside insights from senior deal expert, Justin.

Read more
Silksong Reimagines Windows Gaming on Android Devices

Silksong Reimagines Windows Gaming on Android Devices

Silksong leads the charge in bringing Windows gaming to Android. Following the impact of the Steam Deck, this move signals a growing trend in mobile gaming innovation, providing gamers a seamless handheld experience.

Read more
PlayStation Family App Launch Enhances Parental Controls

PlayStation Family App Launch Enhances Parental Controls

Sony introduces the PlayStation Family app for mobile devices, allowing easy control over PS4 and PS5 parental settings. This app provides parents with tools to set playtime, spending, and content restrictions, ensuring a safer gaming experience.

Read more
PlayStation Family App Brings Parental Controls to Mobile

PlayStation Family App Brings Parental Controls to Mobile

Sony's PlayStation Family app offers parents remote control over children's PlayStation activity, including playtime and spending limits, directly from mobile devices.

Read more
Health Connect May Evolve Into Fitness Tracking Platform

Health Connect May Evolve Into Fitness Tracking Platform

Health Connect may add native step tracking features, indicating a shift from data hub to fitness tracker by using phone sensors for direct data collection.

Read more
Identity Check Update Enhances Pixel Watch Integration

Identity Check Update Enhances Pixel Watch Integration

Android 16 update adds compatibility with Pixel Watch for Identity Check, allowing PIN, password, or pattern access without biometric sign-in. This feature is supported on Pixel Watch 3 and 4.

Read more
PlayStation Family App Empowers Parental Control on Consoles

PlayStation Family App Empowers Parental Control on Consoles

Sony's PlayStation Family app for iOS and Android enhances parental control over children's gaming experiences on PS5 and PS4.

Read more
BGMI 4.0 Update Brings New Features and Ghost Companions

BGMI 4.0 Update Brings New Features and Ghost Companions

Krafton introduces BGMI 4.0 update with Spooky Soiree features, ghost companions, and innovative game modes for Android. Experience enhanced gameplay with new strategic abilities.

Read more
Microsoft to Retire Outlook Lite Android App October 2025

Microsoft to Retire Outlook Lite Android App October 2025

Microsoft pulls Outlook Lite from Play Store in October 2025. Users are encouraged to switch to Outlook Mobile app for enhanced features and support.

Read more
Sideloading Faces New Restrictions Under Google's Policy Shift

Sideloading Faces New Restrictions Under Google's Policy Shift

Google's new Android policy limits sideloding. Apps must be signed by verified developers, removing flexibility. Critics worry about increased control and privacy concerns.

Read more
All article