Telegram releases patch for zero-day vulnerability that allowed attackers to send APK files as video files



Cybersecurity firm ESET has reported that the Android version of the messaging app Telegram contains a zero-day vulnerability that could allow a malicious

APK file to be sent as a video file.

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/



Unmasking the Telegram Exploit - A Cybersecurity Breakdown with Lukas Stefanko - YouTube


Telegram zero-day for Android allowed malicious files to masquerade as videos
https://therecord.media/telegram-zero-day-android-app-eset

On June 26, 2024, ESET discovered an exploit targeting the Android version of Telegram being sold on an underground forum. ESET has named this exploit 'EvilVideo.'



After analyzing EvilVideo, we found that the exploit works on Android Telegram versions 10.14.4 and earlier. EvilVideo relies on a vulnerability that allows users to attach a binary data file to an Android app, which can then be displayed as a multimedia preview in the Android Telegram app. Therefore, when shared in a chat using EvilVideo, the malicious payload appears as a 30-second video.



By default, media files received via Telegram are set to automatically download to the user's device, so if a user opens this chat, they will automatically download the malicious payload. Even if automatic downloads are turned off, the payload can still be downloaded by tapping the download button in the top left corner.



Furthermore, when a user tries to play this file, which at first glance appears to be a video, Telegram displays the message 'This video cannot be played' and asks whether they would like to use an external player.



When you tap 'Open' on the screen above, Telegram will ask you to enable the installation of unknown apps.



Once enabled, it prompts users to install a malicious app disguised as an external player, which then installs malware or other apps on their device.



According to ESET, the exploit did not work on the Windows version.



ESET also reported the vulnerability to Telegram immediately. As a result, version 10.14.5, released on July 11, 2024, correctly displays the APK file as an application rather than a video in the multimedia preview when the APK file is shared in a chat.

Related Posts:

in Mobile,   Web Service,   Video,   Security, Posted by log1r_ut