Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Telegram for Android reportedly had a zero-day vulnerability which was being targeted by attackers. This vulnerability, dubbed EvilVideo, allowed malicious actors and hackers to send malware disguised as video files, as per the report. It was detected by a cybersecurity research firm last month after a post about the exploit was found on the dark web. The poster was said to be selling the exploit and also showed a screenshot of its workings. Notably, Telegram released an update on July 11 patching the vulnerability after the cybersecurity firm notified it about the exploit.
EvilVideo Exploit Found in TelegramAccording to a newsroom post by cybersecurity firm Eset, Telegram for Android had a zero-day vulnerability. A zero-day vulnerability is a security flaw which is unknown to the developer. The term is used since developers have “zero days” to patch the issue. This particular vulnerability was reportedly found by some malicious actors who were trying to sell it on the dark web.
.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }“We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves,” said ESET researcher Lukáš Štefanko, who discovered the exploit.
Dark web post about the Telegram vulnerability
Photo Credit: Welivesecurity
Dubbed EvilVideo, the exploit allowed hackers to deploy malware payload as Android Package (APK) within the video files, based on the dark web post spotted by Welivesecurity. When played, Telegram reportedly would show a message that says “App was unable to play this video.” However, immediately afterwards, the hidden malware would send request to allow apps from third-party sources so it could be installed, revealed the publication.
Since the default option on Telegram downloads videos by default, the researchers believe the payload could have been easily spread to a large number of users by planting them in large public groups.
How Hackers Are Using a Bot to Target Indians in WhatsApp e-Challan Scam Medusa Banking Trojan Returns to Target Android Users in These Countries This New ‘GoldDigger’ iOS Trojan Steals iPhone Face ID DataHowever, Eset notified Telegram about the exploit on June 26, and reportedly, Telegram released an update on July 11, patching the vulnerability.
.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
Play online games for free at games.easybranches.com
Guest Post Services www.easybranches.com/contribute