Security News > 2024 > July > Vulnerability in Telegram app for Android allows sending malicious files disguised as videos
Using the exploit to abuse a vulnerability that ESET named "EvilVideo," attackers could share malicious Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files.
"We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves," explains ESET researcher Lukáš Štefanko, who discovered the Telegram exploit.
The reason might be that the specific payload is most likely crafted using the Telegram API, since it allows developers to upload specially crafted multimedia files to Telegram chats or channels programmatically.
By default, media files received via Telegram are set to download automatically.
They reported the vulnerability again on July 4, and that time, Telegram reached out to ESET the same day to confirm that its team was investigating EvilVideo.
The vulnerability affected all versions of Telegram for Android up to 10.14.4, but has been updated as of version 10.14.5.
News URL
https://www.helpnetsecurity.com/2024/07/23/telegram-exploit-evilvideo/