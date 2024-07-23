Technology News
English Edition
  • Home
  • Apps
  • Apps News
  • Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report

Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report

The attackers were reportedly exploiting a zero-day vulnerability in Telegram’s Android app.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 23 July 2024 16:03 IST
Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report

Photo Credit: Reuters

The payload malware for the exploit is said to have been created using Telegram’s API

Highlights
  • The exploit was found being advertised on the dark web
  • Cybersecurity firm Eset reported the exploit to Telegram last month
  • Telegram has reportedly deployed a patch to fix the vulnerability
Advertisement

Telegram for Android reportedly had a zero-day vulnerability which was being targeted by attackers. This vulnerability, dubbed EvilVideo, allowed malicious actors and hackers to send malware disguised as video files, as per the report. It was detected by a cybersecurity research firm last month after a post about the exploit was found on the dark web. The poster was said to be selling the exploit and also showed a screenshot of its workings. Notably, Telegram released an update on July 11 patching the vulnerability after the cybersecurity firm notified it about the exploit.

EvilVideo Exploit Found in Telegram

According to a newsroom post by cybersecurity firm Eset, Telegram for Android had a zero-day vulnerability. A zero-day vulnerability is a security flaw which is unknown to the developer. The term is used since developers have “zero days” to patch the issue. This particular vulnerability was reportedly found by some malicious actors who were trying to sell it on the dark web.

“We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves,” said ESET researcher Lukáš Štefanko, who discovered the exploit.

telegram evilvideo exploit welivesecurity Telegram vulnerability dark web post

Dark web post about the Telegram vulnerability
Photo Credit: Welivesecurity

 

Dubbed EvilVideo, the exploit allowed hackers to deploy malware payload as Android Package (APK) within the video files, based on the dark web post spotted by Welivesecurity. When played, Telegram reportedly would show a message that says “App was unable to play this video.” However, immediately afterwards, the hidden malware would send request to allow apps from third-party sources so it could be installed, revealed the publication.

Since the default option on Telegram downloads videos by default, the researchers believe the payload could have been easily spread to a large number of users by planting them in large public groups.

However, Eset notified Telegram about the exploit on June 26, and reportedly, Telegram released an update on July 11, patching the vulnerability.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Telegram, Malware, Cybersecurity, Hacker, Cyberattack, Android
Akash Dutta
Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
Meta Patent Application Describes 'Social Presence' Feature Inspired by EyeSight on Apple Vision Pro

Related Stories

Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. iQoo Z9s Series India Launch Set for August; Rear Design Teased
  2. Budget 2024: Key Announcements Related to Technology in India
  3. Vivo V40 Series Tipped to Launch in India Soon
  4. CMF Phone 1 Review: Strong Performer Under Rs 18,000
  5. MediaTek Dimensity 8400 Allegedly Scores Higher Than Snapdragon 8 Gen 3
  6. iPhone SE 4 Price, Launch Timeline Tipped; May Get A18 SoC, OLED Screen
  7. Redmi Pad SE 4G Details Leak Ahead of India Launch; Pad Pro 5G Coming Too
#Latest Stories
  1. US SEC Approves Ether ETFs, Marks Another Milestone for Crypto Growth
  2. G20 Prioritises Discussions on Digital Tax Amid Looming Tariff Threats from US
  3. Google Plans to Prioritise User Choice Instead of Deprecating Third-Party Cookies on Chrome
  4. Acer Aspire 3D 15 Spatiallabs With Glasses-Free 3D Display, Up to 13th Gen Intel Core i7 CPU Debuts in India
  5. Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
  6. Slack Introduces Status, Catch Up and Slack Launcher Widgets for iPhone
  7. Meta Patent Application Describes 'Social Presence' Feature Inspired by EyeSight on Apple Vision Pro
  8. Samsung Galaxy Z Fold 6 Slim Tipped to Debut in October With Larger Cover Display
  9. Samsung’s Future AI Smartphones to Be ‘Radically Different’ From Existing Phones: Report
  10. Google Pixel 9, Pixel 9 Pro XL Renders Leak Online; Shows Off Pink, Porcelain Colours
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »