- By Vikas Yadav
- Tue, 23 Jul 2024 07:20 PM (IST)
- Source:JND
Telegram, a popular messaging application, was targeted by a zero-day exploit that was on sale on the dark web from June 2024, according to ESET researchers. While the price of the 'EvilVideo' exploit that appeared on an underground forum remained unspecified, it could allow a bad actor to share malware, which may seem like multimedia files in Telegram groups, channels or chats.
According to ESET Research analysis, the exploit worked with Telegram versions 10.14.4 or older. The cybersecurity firm speculated the vulnerability tool could have been created using Telegram's application programming interface (API), which could have allowed it to upload the "specially crafted multimedia files" to chats or channels programmatically. The malware, which is an Android app, appears as a multimedia preview and not a binary attachment.
This malicious file seems like a 30-second video. To make things worse, files are set to auto-download on Telegram by default, implying the malicious payload will be downloaded once a user opens the concerned chat. While users can disable auto-download, Telegram accounts are still vulnerable as the exploit can be downloaded by manually tapping the download button in the video.
Once a user taps the disguised "video" media, the app will return an error and note the video cannot be played. Now it will suggest using an external player. Once the user taps "Open" in this case, they will be asked to install an app which will be malicious. The installation of this package could lead to dangerous consequences for a Telegram user. Hence, the second time when the harmful vulnerability was reported by ESET to Telegram, the platform fixed the issue with version 10.14.5 on July 11.
You must update your Telegram on Android to the latest version to stay safe from the 'EvilVideo' vulnerability. Also, make sure to revoke app installation permissions from Telegram. As another safety measure, you should not download apps/files from unknown sources on your phone and not visit malicious websites. Plus, installing an antivirus and keeping your software updated can also be a good idea.