Telegram for Android reportedly had a zero-day vulnerability that was being targeted by attackers. The vulnerability, dubbed EvilVideo, allowed malicious actors and hackers to send malware disguised as video files, as per the report. It was detected by a cybersecurity research firm last month after a post about the exploit was discovered on the dark web. The poster was said to be selling the exploit and also showed a screenshot of its workings. Notably, Telegram released an update on July 11 patching the vulnerability after the cybersecurity firm notified it about the exploit.
EvilVideo Exploit Present in Telegram
According to a newsroom post by cybersecurity firm Eset, Telegram for Android had a zero-day vulnerability. A zero-day vulnerability is a security flaw that is unknown to the developer. The term is used because developers have “zero days” to patch the issue. This particular vulnerability was reportedly discovered by some malicious actors who were trying to sell it on the dark web.
“We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves,” said ESET researcher Lukáš Štefanko, who discovered the exploit.
Dubbed EvilVideo, the exploit allowed hackers to deploy a malware payload as an Android Package (APK) within video files, based on the dark web post spotted by WeLiveSecurity. When played, Telegram reportedly would show a message that says “App was unable to play this video.” However, immediately afterwards, the hidden malware would send a request to allow apps from third-party sources so that it could be installed, revealed the publication.
Since Telegram downloads videos by default, the researchers believe the payload could have been easily spread to a large number of users by planting it in large public groups.
However, Eset notified Telegram about the exploit on June 26, and reportedly, Telegram released an update on July 11, patching the vulnerability.