Summary:
- Zero-Day Exploit Discovery: Researchers uncovered a zero-day exploit in the Telegram messaging app on Android devices, dubbed EvilVideo by Slovakia-based firm ESET. This exploit allowed attackers to send malicious payloads disguised as legitimate multimedia files. Telegram fixed this vulnerability in version 10.14.5 and above after it was reported by researchers.
- Exploit Details and Usage: The exploit, discovered on an underground forum in early June, was sold by a user named "Ancryno" and was available for around five weeks before being patched. Attackers could use the exploit to send malicious payloads via Telegram channels, groups, and chats, taking advantage of Telegram's default setting to automatically download media files.
- Impact and Mitigation: In unpatched versions, if users tried to play the fake "video," Telegram would display a message suggesting the use of an external player. The hackers disguised a malicious app as this external player. Users could avoid the exploit by disabling automatic media downloads in Telegram settings. It's unclear if the exploit was actively used in the wild during the five-week window before it was patched.