
Telegram vulnerability lets hackers send malware as videos: report

Telegram for Android reportedly had a zero-day vulnerability that was exploited by attackers. The vulnerability, dubbed EvilVideo, allowed malicious actors and hackers to send malware disguised as video files, the report said. It was discovered by a cybersecurity research firm last month after a post about the exploit was found on the dark web. The poster allegedly sold the exploit and also showed a screenshot of how it worked. Notably, Telegram released an update patching the vulnerability on July 11 after the cybersecurity firm alerted them to the exploit.

EvilVideo exploit found in Telegram

According to a news editorial by cybersecurity firm ESET, Telegram for Android had a zero-day vulnerability. A zero-day vulnerability is a security hole that is unknown to the developer. The term is used because developers have “zero days” to patch the issue. This particular vulnerability was reportedly found by malicious actors who attempted to sell it on the dark web.

“We found the exploit for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves,” said ESET researcher Lukáš Štefanko, who discovered the exploit.


Dark web post about Telegram vulnerability
Photo credit: Welivesecurity

The exploit, dubbed EvilVideo, allowed hackers to deliver malware payloads, in the form of Android Package (APK) files, disguised as video files, based on the dark web post spotted by Welivesecurity. When the video was played, Telegram would reportedly display a message saying “App could not play this video.” However, right after that, the hidden malware would send a request to allow third-party apps to be installed so that it could be installed, the publication revealed.

Because Telegram downloads videos by default, the researchers believe the payload could have easily been distributed to a large number of users by posting it in large public groups.

However, ESET notified Telegram about the exploit on June 26, and Telegram reportedly released an update on July 11 that fixes the vulnerability.
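A defensive check for the disguise described above, as an added example that is not from ESET's report or Telegram's code: it compares how an attachment was presented with what its bytes actually contain. The `presented_as` label, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

# Leading-byte signatures for common video containers: (offset, magic).
VIDEO_MAGICS = [
    (4, b"ftyp"),              # MP4 / MOV / 3GP (ISO base media)
    (0, b"\x1a\x45\xdf\xa3"),  # Matroska / WebM (EBML header)
    (0, b"RIFF"),              # AVI (RIFF container)
]

def looks_like_video(data: bytes) -> bool:
    return any(data[off:off + len(m)] == m for off, m in VIDEO_MAGICS)

def looks_like_apk(data: bytes) -> bool:
    """An APK is a ZIP archive that contains AndroidManifest.xml."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "AndroidManifest.xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False

def triage(presented_as: str, data: bytes) -> str:
    """Compare how an attachment was presented with what its bytes are."""
    if looks_like_apk(data):
        return "block: APK content" if presented_as == "video" else "apk"
    if presented_as == "video" and not looks_like_video(data):
        return "review: not a known video container"
    return "ok"

def _constructed_apk() -> bytes:
    # Constructed sample: a minimal ZIP with APK-style entries, no real code.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"placeholder")
        zf.writestr("classes.dex", b"placeholder")
    return buf.getvalue()

def _constructed_mp4() -> bytes:
    # Constructed sample: only an ISO base media 'ftyp' box header.
    return b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16

if __name__ == "__main__":
    for label, kind, blob in [
        ("clip-1", "video", _constructed_mp4()),
        ("clip-2", "video", _constructed_apk()),
        ("clip-3", "video", b"not a media file"),
    ]:
        print(label, "->", triage(kind, blob))
```

The same content-over-label comparison can run in a mail or chat gateway, or over a device's download folder, where an installable package presented as media is worth an alert.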
