Telegram App Flaw Exploited to Spread Malware Hidden in Videos

A recently discovered zero-day security flaw in the popular messaging app Telegram has been exploited by attackers to spread malware hidden in videos. The vulnerability, known as EvilVideo, affects the Android version of the app and allows attackers to disguise malicious files as harmless-looking videos.

According to ESET, a cybersecurity software company, the exploit was first spotted for sale on an underground forum on June 6, 2024. The asking price is unknown, and it is believed that a select number of attackers used the exploit before it was made public.

ESET reported the vulnerability to Telegram on June 26, following responsible disclosure guidelines. In response, Telegram quickly addressed the issue and released version 10.14.5 of the app on July 11, which includes a patch for the vulnerability.

The EvilVideo exploit takes advantage of a weakness in the way Telegram’s Android app handles video files. Attackers can create a video file with malicious code embedded inside and send it to a user through the app. The user would then be tricked into downloading the file, thinking it was a harmless video. Once the file is downloaded, the malicious code is executed, allowing the attacker to gain control of the device.
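A receiving-side check for the disguise described above, as an added example that is not code from ESET, Telegram or the original article: it compares a file's video extension with the container signature in its leading bytes. The function names, extension list and sample byte strings are assumptions constructed for illustration.

```python
"""Added example: flag attachments named as video whose bytes are not a video container."""
from typing import Optional

VIDEO_EXTENSIONS = {".mp4", ".m4v", ".mov", ".3gp", ".mkv", ".webm", ".avi"}

# Leading bytes of formats that should never arrive under a video name.
NON_VIDEO_MAGIC = {
    b"PK\x03\x04": "zip/apk archive",
    b"dex\n": "android dex bytecode",
    b"\x7fELF": "elf binary",
}

def sniff_container(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if unrecognised."""
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "iso-bmff video"          # MP4, M4V, 3GP and modern MOV
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska/webm video"     # EBML header
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi video"
    for magic, label in NON_VIDEO_MAGIC.items():
        if data.startswith(magic):
            return label
    return None

def check_claimed_video(filename: str, data: bytes) -> str:
    """Return 'ok', 'mismatch', 'unknown' or 'not-claimed-video' for an attachment."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    if ext not in VIDEO_EXTENSIONS:
        return "not-claimed-video"
    kind = sniff_container(data)
    if kind is None:
        return "unknown"                 # e.g. truncated file or legacy MOV layout
    return "ok" if kind.endswith("video") else "mismatch"

# Constructed sample inputs (hand-built headers, not taken from any real file).
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2"
SAMPLE_ARCHIVE_AS_VIDEO = b"PK\x03\x04\x14\x00\x08\x00AndroidManifest.xml"

if __name__ == "__main__":
    print(check_claimed_video("holiday.mp4", SAMPLE_MP4))
    print(check_claimed_video("holiday.mp4", SAMPLE_ARCHIVE_AS_VIDEO))
```

A "mismatch" result is the case worth alerting on; "unknown" only means the header was not one of the few formats this sketch recognises.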

This type of attack is known as a “drive-by download” and can be particularly dangerous because it does not require any user interaction other than downloading the seemingly innocuous video. The attackers can then use the infected device to steal sensitive information, install additional malware, or take control of the device for use in distributed denial-of-service (DDoS) attacks.

The discovery of the EvilVideo exploit highlights the ongoing cat-and-mouse game between cybercriminals and software companies. As soon as a vulnerability is discovered, attackers will try to exploit it before a patch can be released. It is essential for users to keep their apps and operating systems up to date to protect against these types of attacks.

Telegram has stated that it takes the security of its users’ data seriously and will continue to work with cybersecurity researchers to identify and patch vulnerabilities in its app. The company also encourages users to report any suspicious activity or potential security issues to help keep the platform safe.

In conclusion, the discovery of the EvilVideo exploit is a reminder that even popular and seemingly secure apps can be vulnerable to attack. It is crucial for users to remain vigilant and keep their software up to date to protect against malware and other cyber threats. Telegram’s quick response in patching the vulnerability is a positive step in maintaining the security of its user base, and the company’s commitment to working with cybersecurity researchers is a promising sign for the future.
