Telegram has fixed a zero-day vulnerability that allowed infected APK files to be sent under the guise of videos

Cybersecurity experts discovered a zero-day vulnerability in the Telegram messenger that allowed attackers to send malicious APK files disguised as video files. The vulnerability affected Android users and was successfully exploited to spread malware.

Image source: Dima Solomin/Unsplash

According to the resource BleepingComputer, on June 6, on the XSS hacker forum, an attacker under the nickname Ancryno put up for sale a zero-day exploit (a method based on an attack with previously unidentified software vulnerabilities) for the Telegram messenger. The vulnerability, dubbed “EvilVideo,” was discovered by ESET and affected versions of the application up to 10.14.4 for Android users.

The attackers created special APK files that, when sent via Telegram, appeared as embedded videos. When trying to play such a video, Telegram suggested using an external player, which could prompt the victim to click the “Open” button, thereby running the malicious code.

ESET tested the exploit and confirmed its functionality. On June 26 and July 4, company specialists reported the problem to Telegram management. In response, on July 11, Telegram released version 10.14.5 of its application, which fixed the vulnerability. Although a successful attack required several actions on the part of the victim, hackers had at least five weeks to exploit the vulnerability before releasing a patch.

Interestingly, despite hackers’ “one-click” claim, the actual process requires several steps, reducing the risk of a successful attack. ESET also tested the exploit on Telegram Desktop, but it did not work there because the malicious file was treated as an MP4 video rather than an APK file.

The fix in version 10.14.5 now correctly displays APK files in the preview, eliminating the possibility of deceiving recipients. ESET recommends that users who have recently received videos asking you to open them using an external app should scan their file system using mobile antivirus software to find and remove malicious files.

As a reminder, Telegram files are usually stored in “/storage/emulated/0/Telegram/Telegram Video/” (internal storage) or “/storage//Telegram/Telegram Video/” (external storage).

admin

Share
Published by
admin

Recent Posts

Apple to Change OS Numbering: iOS 26 to Come This Year Instead of iOS 19

Apple is preparing a large-scale rebranding of its line of operating systems. This was reported…

17 hours ago

The Witcher 3: Wild Hunt has matched Skyrim in sales, and every third Cyberpunk 2077 owner has bought the Phantom Liberty add-on

The cult open-world action role-playing game The Witcher 3: Wild Hunt, which recently celebrated its…

17 hours ago

Analysts predict absurd surge in PC sales due to Trump’s indiscriminate tariffs

IDC analysts unexpectedly concluded that the current unstable tariff policy of the US administration will…

17 hours ago

Adata XPG Mars 980 Blade PCIe 5.0 SSD Review: Affordable SM2508 Flagship

The first consumer SSDs with PCIe 5.0 interface appeared on the market about two years…

17 hours ago

Electronic Arts to Focus on Key Franchises — Black Panther Action Game Cancelled, Cliffhanger Games Studio Closed

The IGN portal, citing internal correspondence from Electronic Arts, reported that the American publisher has…

17 hours ago

Study: Apple C1 mobile modem falls short of Qualcomm modems in terms of connection quality in difficult conditions

A study by Cellular Insights Inc. found that Qualcomm's mobile modems perform better than Apple's…

2 days ago