2024-07-23 13:40:35
A vulnerability identified in Telegram for Android has put users of this messaging application at risk with the sending of malicious multimedia messages through chats.
The cybersecurity company ESET has reported the discovery in a clandestine forum of a zero-day exploit designed to take advantage of the ‘EvilVideo’ vulnerability, which they had access to and were able to analyze.
This exploit, which works on versions 10.14.4 and higher of the Telegram app for Android, allows cyber attackers to design multimedia files with a payload that appears as a video of about 30 seconds once sent through a chat, channel, or group, as reported by ESET.
This file, once downloaded – although configurable, Telegram has automatic downloading of multimedia set by default – will display a message indicating that the video cannot be played and requires an external player, which is actually a malicious application.
Telegram released an update on July 11 (v0.14.5) that fixed the vulnerability after ESET informed them of their discovery.