Telegram Zero-Day Exploited to Spread Malware Hidden in Videos, here is a quick look.


In a recent discovery, cybersecurity researchers from ESET Research have identified a critical zero-day vulnerability in the Telegram for Android app. This flaw allows attackers to hide malicious payloads within video files, potentially compromising user devices. The exploit, aptly named “EvilVideo,” was found in older versions of the Telegram application, specifically versions 10.14.4 and earlier.


The Exploit Mechanism

The EvilVideo exploit leverages the Telegram API to create a payload disguised as a multimedia preview rather than a binary attachment. When shared in chat, the malicious payload appears as a harmless 30-second video. The attackers likely crafted this specific payload using the Telegram API, which enables developers to upload specially crafted multimedia files programmatically.

How the Attack Works

  1. Payload Creation: The threat actor creates a payload that displays an Android app as a multimedia preview. This step is crucial for the exploit to work effectively.
  2. Payload Distribution: Attackers can then share the malicious Android payloads via Telegram channels, groups, or individual chats. The files appear as innocuous multimedia content, making them less suspicious to users.
  3. User Interaction: When a user receives the disguised video, they must click on it to play it. Telegram displays a message indicating that it cannot play the video and suggests using an external player. The user is presented with options to “cancel” or “open” the file.
  4. Malware Installation: If the user taps the “open” button in the displayed message, a request to install an external player (which is, in reality, the malicious app) pops up. The user must approve the installation, unknowingly allowing malware onto their device. Notably, it is the vulnerability itself that makes the shared file look like a video: the malicious app was not modified to resemble a multimedia file, which suggests that the upload process was most likely what was exploited.
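The last point above is the detail a defender can act on: the bytes of the shared file were still an ordinary Android package, only the preview metadata claimed it was a video. The following added example (it is not code from this article, from ESET, or from Telegram) shows a content-type sniff that ignores the claimed MIME type and looks at the file itself. An MP4/MOV file begins with an ISO base-media `ftyp` box, whereas an APK is a ZIP archive whose first local header is `PK\x03\x04` and which contains `AndroidManifest.xml`. The sample files are constructed inline; the function and variable names are this example's own.

```python
"""Check whether a file that a chat client presents as a video really is one.

Added example (not from the article or ESET's write-up). A file shown as a
video preview is sniffed by its leading bytes instead of the claimed MIME type:
  - ISO BMFF (MP4/MOV): 4-byte box size followed by the 'ftyp' box tag.
  - APK: a ZIP archive (local header 'PK\x03\x04') holding AndroidManifest.xml.
"""
import io
import struct
import zipfile


def sniff_container(data: bytes) -> str:
    """Return 'mp4', 'apk', 'zip' or 'unknown' based on the file's own bytes."""
    # ISO base-media files put the 'ftyp' box first: [size:4][b'ftyp'][brand...]
    if len(data) >= 8 and data[4:8] == b"ftyp":
        return "mp4"
    # ZIP local-file header signature; APKs are ZIP archives.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        if "AndroidManifest.xml" in names or "classes.dex" in names:
            return "apk"
        return "zip"
    return "unknown"


def is_consistent(claimed_mime: str, data: bytes) -> bool:
    """True only if the MIME type the client shows matches what the bytes are.

    A message that claims 'video/mp4' but carries an APK is exactly the
    mismatch EvilVideo relied on, so it returns False.
    """
    sniffed = sniff_container(data)
    if claimed_mime.startswith("video/"):
        return sniffed == "mp4"
    if claimed_mime == "application/vnd.android.package-archive":
        return sniffed == "apk"
    return False


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with the two tell-tale entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


def build_sample_mp4() -> bytes:
    """Constructed minimal MP4 header: a single 20-byte 'ftyp' box."""
    body = b"ftyp" + b"isom" + struct.pack(">I", 0x200) + b"isom"
    return struct.pack(">I", 4 + len(body)) + body


if __name__ == "__main__":
    # What a client would have shown for the EvilVideo payload: a video, by claim only.
    disguised = build_sample_apk()
    print("claimed video/mp4, sniffed:", sniff_container(disguised),
          "consistent:", is_consistent("video/mp4", disguised))
    real_video = build_sample_mp4()
    print("claimed video/mp4, sniffed:", sniff_container(real_video),
          "consistent:", is_consistent("video/mp4", real_video))
```

The check is deliberately independent of the file name and of any metadata the sending side controls, which is the property that matters when the upload path, rather than the file, is what was manipulated. The same sniff can be applied on a mail or chat gateway before a preview is rendered, or by an endpoint agent on files landing in the messaging app's download directory.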

Telegram’s Response

ESET promptly reported the exploit and flaw to Telegram. Initially, there was no response, but after a second contact effort, Telegram issued a server-side fix for versions 10.14.5 and above of its Android app. Users are strongly advised to update their apps immediately to avoid compromise.

Protecting Yourself

To mitigate the risk posed by this zero-day vulnerability, consider the following steps:

  1. Update Telegram: Ensure that you are using the latest version of the Telegram app. Regular updates often include security patches that address known vulnerabilities.
  2. Disable Automatic Downloads: By default, Telegram automatically downloads media files. Disable this feature so that files are not fetched to your device until you deliberately choose to open them, which keeps a disguised payload from landing on the device unnoticed.
  3. Exercise Caution: Be cautious when receiving multimedia files, especially videos, from unknown sources. Always verify the sender and avoid clicking on suspicious links or attachments.

Conclusion

The EvilVideo exploit highlights the importance of staying vigilant and keeping software up to date. As threat actors continue to exploit vulnerabilities, users must remain informed and take proactive measures to protect their devices and data.
