ESET Finds Zero-Day Exploit "EvilVideo" Targeting Telegram on Android

01 Aug 2024

In a recent development that underscores the ongoing battle between cybersecurity and malicious actors, researchers have unveiled a zero-day exploit targeting the Telegram messaging app on Android devices. This vulnerability, identified by the Slovakia-based cybersecurity firm ESET and dubbed “EvilVideo,” could have enabled attackers to send harmful payloads masquerading as legitimate multimedia files.

Details of the Exploit

The exploit was discovered on an underground forum in early June, where it was being sold by a user known as “Ancryno.” The seller showcased the exploit through screenshots and a video demonstrating its functionality within a public Telegram channel. This exploit leveraged Telegram’s default setting, which automatically downloads media files, allowing attackers to send malicious payloads through channels, groups, and chats.

While users could manually disable the automatic download feature, the risk remained if they inadvertently tapped the download button for a shared file. Upon attempting to play what appeared to be a video, users would receive a message indicating that the file could not be played, with a suggestion to use an external player. This is where the malicious intent lay; hackers had disguised a harmful application as this external player.

Fortunately, Telegram addressed this vulnerability in versions 10.14.5 and above, released earlier this month. In the updated version, any malicious file shared in a chat is now accurately displayed as an application, rather than a video, thereby mitigating the risk of inadvertent installation.

Potential Impact and Unknowns

Despite the patch, the exploit had a window of approximately five weeks during which it could have been exploited. However, ESET has not confirmed whether it was actively used in the wild. The identity of the hacker group or individual behind this exploit remains unclear, as does their intended use for it and its overall effectiveness.

Adding another layer of intrigue, the same underground forum account that advertised the EvilVideo exploit has also promoted Android cryptomining-as-a-service malware, claiming it to be fully undetectable. This raises further questions about the capabilities and intentions of those operating in the shadows of the digital landscape.

Does Telegram app work in UK?

Yes, the Telegram app works in the UK. It is available for download on various platforms, including iOS, Android, and desktop computers. Users in the UK can access all of Telegram's features, such as messaging, group chats, channels, and more, provided they have an active internet connection.

How to get a free phone number for Telegram?

To get a free phone number for Telegram, you can use services like Google Voice (available in the U.S.), TextNow, or other similar online services that offer temporary or virtual phone numbers. Sign up for one of these services, obtain a phone number, and use it to register your Telegram account. Note that some services may have limitations based on your location.

Update: 01 Aug 2024

Top charts for Mobile Android

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
7065267
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1558208
downloads
WinRAR

WinRAR

Latest update WinRAR download for free for Windows PC or Android mobile

5
735 reviews
666298
downloads
Minecraft

Minecraft

Latest update Minecraft download for free for Windows PC or Android mobile

5
750 reviews
480340
downloads

News and reviews for Mobile Android

Discover Hidden Treasures: 4 Android Apps Worth Trying

Discover Hidden Treasures: 4 Android Apps Worth Trying

Explore four underrated Android apps providing unique value: access Nintendo music, Apple TV, Blackmagic Camera, and shop Steam on-the-go.

Read more
SILT Expands to iOS and Android in Early 2026

SILT Expands to iOS and Android in Early 2026

SILT, the 2D puzzle-adventure game, arrives on iOS and Android early 2026. Expect touch controls, creepy visuals, and a $5.99 unlock.

Read more
2025 Top Apps: Spotify, Netflix, Gemini Lead

2025 Top Apps: Spotify, Netflix, Gemini Lead

Spotify, Netflix, and Gemini lead 2025's app selections, enhancing user experience with new features and integrations. Key impacts on apps noted.

Read more
Onyx Boox Note Air5 Boosts Productivity with Android Apps

Onyx Boox Note Air5 Boosts Productivity with Android Apps

Note Air5 enhances reading and productivity with full Android and color E Ink display.

Read more
Material 3 Expressive Offers Subtle Updates to Google Apps

Material 3 Expressive Offers Subtle Updates to Google Apps

Material 3 Expressive updates in Google apps offer minor design changes. This update feels like an incremental improvement towards a cohesive experience.

Read more
Utilize Google Translate to Overcome Language Barriers in Japan

Utilize Google Translate to Overcome Language Barriers in Japan

Google Translate on Android proves essential for navigating language challenges in Japan. Voice and text features assist travelers with seamless communication.

Read more
Top 5 Free Android Auto Apps to Enhance Your Drive

Top 5 Free Android Auto Apps to Enhance Your Drive

Discover five essential free apps for Android Auto to elevate your driving experience today.

Read more
Score Big Savings with Latest Android Deals

Score Big Savings with Latest Android Deals

Android deals expand with top-tier games including Final Fantasy, Mana. Secure discounts while lasting through 2023's holiday season.

Read more
Open-source Waller Enhances Android Wallpaper Customization

Open-source Waller Enhances Android Wallpaper Customization

Waller app transforms Android wallpaper design, focusing on privacy and creativity without ads.

Read more
Get Monument Valley for Free on Epic Games Store

Get Monument Valley for Free on Epic Games Store

Monument Valley games are free on Epic Games Store as of 2025-12-26. Play on Android via the Epic Games app.

Read more
All article