A serious zero-day vulnerability called EvilVideo has been discovered in Telegram for Android, which allowed hackers to spread malware through video files. This became known after a post about the exploit appeared on a forum on the dark web. According to cybersecurity researchers, the attackers tried to sell this vulnerability by demonstrating its operation through screenshots and video.
ESET, a cybersecurity company, discovered the exploit last month. They reported that they could find a Telegram channel where the exploit was still available, allowing them to test it. The EvilVideo exploit allowed hackers to inject malicious APK files into a video that would produce an error message when played on Telegram. The malware then tried to get permission to install applications from third-party sources.
By default, Telegram automatically downloads videos, which could have led to the massive spread of malware among users, especially in large public groups.
Thanks to the prompt work of ESET experts, Telegram was notified of this threat on June 26. On July 11, Telegram released an update that fixed the EvilVideo vulnerability, ensuring users' safety.
This situation again reminds us of the importance of constant monitoring and rapid response to new cybersecurity threats. Thanks to the efforts of researchers, Telegram for Android users can be sure that their devices are protected from such dangerous exploits.
Comments 0