EvilVideo Exploit: A Zero-Day Threat to Telegram Android Users

Cybersecurity researchers at ESET found a serious problem in the Telegram app for Android phones. This problem, a Telegram zero-day vulnerability, let bad people send dangerous files disguised as videos through Telegram chats.

What Happened with the EvilVideo Exploit?

The zero-day exploit, called “EvilVideo,” allowed hackers to send harmful files through Telegram channels, groups, and private chats, making them look like normal video files. This problem affected only Android versions of Telegram that were 10.14.4 or older.

Lukas Stefanko, a researcher at ESET, discovered this problem in June 2024 on a secret website where people were selling this exploit for an unknown price.

“We found the exploit being sold on a hidden forum. The seller shared pictures and a video showing the exploit working in a public Telegram channel. We found this channel and tested the exploit ourselves,” ESET said in a press release.

How the Exploit Worked

According to ESET, the exploit was likely made using Telegram’s API, the programming interface that lets developers upload specially made files to Telegram chats or channels through code instead of through the app.

The malware appeared as a video preview on the Android app, not as a usual file. When shared in a chat, the harmful file looked like a harmless 30-second video. By default, Telegram automatically downloads media files, so if this setting was on, the harmful file would download as soon as the chat was opened.

Even if the automatic download was turned off, users could still download the bad file by tapping the download button on the video. When the user tried to play the “video,” Telegram would show a message saying it couldn’t play the video and suggest using an outside video player. If the user tapped “Open,” they would be asked to install a harmful app pretending to be a video player and enable installation of unknown apps.

“At this point, the harmful app is already downloaded as the video file, but it has a .apk ending. The problem makes the file look like a video – the bad app itself wasn’t changed to look like a video,” ESET explained.
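A defender-side check for the mismatch described above, where a file is presented as a video but is really an Android package. This is an added example, not code from ESET or Telegram. It assumes a scanning tool that can see the declared media type, the file name, and the file bytes; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

VIDEO_MIME_PREFIX = "video/"

def sniff_container(data: bytes) -> str:
    """Classify bytes by content, ignoring any name or declared type."""
    # ISO base media files (MP4/MOV/3GP) carry an 'ftyp' box type at offset 4.
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "mp4"
    # An APK is a ZIP archive holding AndroidManifest.xml at its root.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
        if "AndroidManifest.xml" in names:
            return "apk"
        return "zip"
    return "unknown"

def check_attachment(declared_mime: str, filename: str, data: bytes) -> list[str]:
    """Return findings for an attachment that is presented as a video."""
    findings = []
    actual = sniff_container(data)
    presented_as_video = declared_mime.startswith(VIDEO_MIME_PREFIX)
    if presented_as_video and actual == "apk":
        findings.append("declared video but content is an Android package")
    if presented_as_video and filename.lower().endswith(".apk"):
        findings.append("declared video but filename ends in .apk")
    if presented_as_video and actual == "unknown":
        findings.append("declared video but no recognised video container")
    return findings

def _constructed_apk() -> bytes:
    # Constructed sample: a minimal ZIP with APK-like entries, not a real app.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

# Constructed sample: the first bytes of an MP4 'ftyp' box.
CONSTRUCTED_MP4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isommp42"

if __name__ == "__main__":
    print(check_attachment("video/mp4", "clip.mp4", CONSTRUCTED_MP4))
    print(check_attachment("video/mp4", "player.apk", _constructed_apk()))
```

A real video yields no findings, while the constructed package yields two: one from its content and one from its .apk ending.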

ESET’s Discovery and Telegram’s Response

ESET found the EvilVideo problem on June 26, 2024, and told Telegram right away. Telegram confirmed the issue on July 4 and started looking into it. They fixed the problem and released a new version of the app, 10.14.5, on July 11, 2024.

The EvilVideo exploit affected Telegram for Android version 10.14.4 and earlier. Users should update to version 10.14.5, which fixes the problem and shows APK files correctly as apps, not videos.

“This exploit is not a weakness in Telegram itself. Users had to open the video, change Android safety settings, and then install a suspicious-looking ‘media app’,” a Telegram spokesperson said.

“We got a report about this exploit on July 5 and fixed it on our servers on July 9 to protect users on all versions of Telegram.”

Conclusion

In summary, ESET found a serious problem called EvilVideo that affected older versions of Telegram on Android. This exploit allowed bad people to send dangerous files pretending to be videos. Telegram quickly fixed the issue, and users are urged to update their app to stay safe. Always be careful with files from unknown sources and keep your apps up to date to protect yourself from such threats.
