ESET Finds Zero-Day Exploit "EvilVideo" Targeting Telegram on Android

01 Aug 2024

In a recent development that underscores the ongoing battle between cybersecurity and malicious actors, researchers have unveiled a zero-day exploit targeting the Telegram messaging app on Android devices. This vulnerability, identified by the Slovakia-based cybersecurity firm ESET and dubbed “EvilVideo,” could have enabled attackers to send harmful payloads masquerading as legitimate multimedia files.

Details of the Exploit

The exploit was discovered on an underground forum in early June, where it was being sold by a user known as “Ancryno.” The seller showcased the exploit through screenshots and a video demonstrating its functionality within a public Telegram channel. This exploit leveraged Telegram’s default setting, which automatically downloads media files, allowing attackers to send malicious payloads through channels, groups, and chats.

While users could manually disable the automatic download feature, the risk remained if they inadvertently tapped the download button for a shared file. Upon attempting to play what appeared to be a video, users would receive a message indicating that the file could not be played, with a suggestion to use an external player. This is where the malicious intent lay; hackers had disguised a harmful application as this external player.

Fortunately, Telegram addressed this vulnerability in versions 10.14.5 and above, released earlier this month. In the updated version, any malicious file shared in a chat is now accurately displayed as an application, rather than a video, thereby mitigating the risk of inadvertent installation.

Potential Impact and Unknowns

Despite the patch, the exploit had a window of approximately five weeks during which it could have been exploited. However, ESET has not confirmed whether it was actively used in the wild. The identity of the hacker group or individual behind this exploit remains unclear, as does their intended use for it and its overall effectiveness.

Adding another layer of intrigue, the same underground forum account that advertised the EvilVideo exploit has also promoted Android cryptomining-as-a-service malware, claiming it to be fully undetectable. This raises further questions about the capabilities and intentions of those operating in the shadows of the digital landscape.

Does Telegram app work in UK?

Yes, the Telegram app works in the UK. It is available for download on various platforms, including iOS, Android, and desktop computers. Users in the UK can access all of Telegram's features, such as messaging, group chats, channels, and more, provided they have an active internet connection.

How to get a free phone number for Telegram?

To get a free phone number for Telegram, you can use services like Google Voice (available in the U.S.), TextNow, or other similar online services that offer temporary or virtual phone numbers. Sign up for one of these services, obtain a phone number, and use it to register your Telegram account. Note that some services may have limitations based on your location.

Update: 01 Aug 2024

Top charts for Mobile Android

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
7217498
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1636756
downloads
WinRAR

WinRAR

Streamline file management with fast compression, secure your documents, and save space.

5
735 reviews
700670
downloads
Minecraft

Minecraft

Shape environments, explore vast worlds, and survive against monsters with endless creativity.

5
750 reviews
486343
downloads

News and reviews for Mobile Android

Significant Price Drops on Leading Android Apps

Significant Price Drops on Leading Android Apps

Explore major discounts on Android apps like LEGO DUPLO and SkySafari 7 Pro. Review the latest January 2026 price updates on popular titles.

Read more
Play Store May Introduce Game Trials to Boost Purchases

Play Store May Introduce Game Trials to Boost Purchases

Google Play Store APK teardown suggests 'Try before you buy' paid game trials, enabling users to test games before purchase.

Read more
Google Introduces Timed Trials for Paid Games on Play Store

Google Introduces Timed Trials for Paid Games on Play Store

Google tests timed trials for paid games on Play Store, boosting discovery and decisions for Android users.

Read more
Uninstall These Android Apps to Boost Phone Speed

Uninstall These Android Apps to Boost Phone Speed

Deleting certain Android apps may improve phone performance by freeing up storage and reducing background processing.

Read more
Play Store 'Try Before You Buy' Feature in Development

Play Store 'Try Before You Buy' Feature in Development

Play Store is testing a 'Try Before You Buy' option for premium games to offer time-limited trials, enhancing user experience and developer reach.

Read more
Enhance Android with Pixel Search's Universal Widget

Enhance Android with Pixel Search's Universal Widget

Pixel Search adds powerful universal search to Android devices. Access web engines, chatbots, contacts, apps, and more from your home screen.

Read more
Google Alters AOSP Release Schedule Starting 2026

Google Alters AOSP Release Schedule Starting 2026

From 2026, Google will publish AOSP updates twice annually, impacting custom ROM developers.

Read more
Major Price Drops on Top Android Deals This Week

Major Price Drops on Top Android Deals This Week

Significant Android deals offer major discounts on popular games like Children of Morta and Skul: The Hero Slayer.

Read more
Snapseed 3.0 Revamps iOS with New Camera Feature

Snapseed 3.0 Revamps iOS with New Camera Feature

Snapseed 3.0 launches on iOS with a redesigned editor and Snapseed Camera, featuring retro film filters. Expected Android updates soon.

Read more
PC Gaming Expands to Android via FeX by Valve

PC Gaming Expands to Android via FeX by Valve

Valve's FeX translation allows PC gaming on ARM64 Android in 2026, impacting access and compatibility.

Read more
All article