ESET Finds Zero-Day Exploit "EvilVideo" Targeting Telegram on Android

In a recent development that underscores the ongoing battle between cybersecurity and malicious actors, researchers have unveiled a zero-day exploit targeting the Telegram messaging app on Android devices. This vulnerability, identified by the Slovakia-based cybersecurity firm ESET and dubbed “EvilVideo,” could have enabled attackers to send harmful payloads masquerading as legitimate multimedia files.

Details of the Exploit

The exploit was discovered on an underground forum in early June, where it was being sold by a user known as “Ancryno.” The seller showcased the exploit through screenshots and a video demonstrating its functionality within a public Telegram channel. This exploit leveraged Telegram’s default setting, which automatically downloads media files, allowing attackers to send malicious payloads through channels, groups, and chats.

While users could manually disable the automatic download feature, the risk remained if they inadvertently tapped the download button for a shared file. Upon attempting to play what appeared to be a video, users would receive a message indicating that the file could not be played, with a suggestion to use an external player. This is where the malicious intent lay; hackers had disguised a harmful application as this external player.

Fortunately, Telegram addressed this vulnerability in versions 10.14.5 and above, released earlier this month. In the updated version, any malicious file shared in a chat is now accurately displayed as an application, rather than a video, thereby mitigating the risk of inadvertent installation.

Potential Impact and Unknowns

Despite the patch, the exploit had a window of approximately five weeks during which it could have been exploited. However, ESET has not confirmed whether it was actively used in the wild. The identity of the hacker group or individual behind this exploit remains unclear, as does their intended use for it and its overall effectiveness.

Adding another layer of intrigue, the same underground forum account that advertised the EvilVideo exploit has also promoted Android cryptomining-as-a-service malware, claiming it to be fully undetectable. This raises further questions about the capabilities and intentions of those operating in the shadows of the digital landscape.

Does Telegram app work in UK?

Yes, the Telegram app works in the UK. It is available for download on various platforms, including iOS, Android, and desktop computers. Users in the UK can access all of Telegram's features, such as messaging, group chats, channels, and more, provided they have an active internet connection.

How to get a free phone number for Telegram?

To get a free phone number for Telegram, you can use services like Google Voice (available in the U.S.), TextNow, or other similar online services that offer temporary or virtual phone numbers. Sign up for one of these services, obtain a phone number, and use it to register your Telegram account. Note that some services may have limitations based on your location.

Update: 01 Aug 2024

Top charts for Mobile Android

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

1032 reviews

5134114

downloads

Zona

Latest update Zona download for free for Windows PC or Android mobile

614 reviews

873427

downloads

Minecraft

Latest update Minecraft download for free for Windows PC or Android mobile

750 reviews

425596

downloads

Geometry Dash

Latest update Geometry Dash download for free for Windows PC or Android mobile

539 reviews

327093

downloads

News and reviews for Mobile Android

XChat Expands Features to Rival Major Messaging Apps

XChat, led by Elon Musk, enhances messaging with encryption, file sharing and more to challenge WhatsApp and iMessage.

Red Ronin Leads Top Android Game Discounts This Week

Red Ronin, a tactical turn-based game, is featured among top discounted deals on Google Play. Highlights include significant discounts on Galaxy Watch 7 and more.

Device Security Alert: Concerns Over Android Vulnerabilities

Significant security vulnerabilities in Android phones from Ulefone and Krüger&Matz have been identified by CERT Polska, risking user data. Prompt updates are advised.

Gmail Embraces Material 3 Design with Latest Android Update

Gmail's latest update unveils a Material 3-inspired UI, following the Android 16 design framework. The card-based changes include a fresh interface with a revised 'Compose' feature and search bar, aiming to bring consistency to Google's app ecosystem.

New Google App Brings AI Models to Android Devices

Google has unveiled an Android app enabling local use of AI models without internet, including interactive features and image analysis.

Gemini Introduces Email Summary Cards to Gmail on Mobile

Gemini launches new summary cards for Gmail on Android and iOS. These AI-powered tools offer automatic updates at the top of emails, assisting users in managing long threads effectively. Smart features must be enabled for full functionality.

Google Photos Enhances Experience with New Features

Marking its 10th anniversary, Google Photos introduces updated editing, AI, and sharing features to enhance user experience.

Google Enhances Android Phone App for Better User Experience

Google is preparing to release updates to the Android Phone app, improving readability and enhancing the user experience with new design elements.

Kiosk Software Enhances Business Operations and Security

Kiosk software streamlines business operations by optimizing Android devices for specific tasks. Leading software providers like Scalefusion and KioWare offer crucial features that enhance efficiency and ensure security, making these tools essential for many industries.

Auto-rotation Innovations Enhance Android Experience

Samsung's One UI and MacroDroid enhance Android's auto-rotation, enabling users to tailor screen rotation for specific apps effortlessly.