Telegram Zero-Day Vulnerability Exploited Using Malicious Video Files
- С сайта: Zero-Day(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Zero-Day(cybersecuritynews.com)
ESET researchers recently discovered a critical zero-day vulnerability in the Telegram messaging app for Android, potentially exposing millions of users to malicious attacks.
The exploit, dubbed “EvilVideo,” allowed attackers to disguise harmful Android payloads as innocuous video files that could be distributed through Telegram channels, groups, and private chats.
Telegram Zero-day
The vulnerability was first identified when ESET researchers found an advertisement for the exploit on an underground forum on June 6, 2024. Using the alias “Ancryno,” the seller offered the zero-day for an undisclosed price, claiming it worked on Telegram versions 10.14.4 and older.
This information enabled ESET researchers to track down the channel, obtain the payload, and perform a detailed analysis.
Demonstrated by ESET
ESET’s investigation revealed that the exploit affects Telegram versions 10.14.4 and older. The payload, likely crafted using the Telegram API, masquerades as a 30-second video.
How is the Telegram Zero-Day Vulnerability Exploited?
If a user attempts to play the “video,” Telegram displays an error message suggesting the use of an external player. Tapping the Open button in this message prompts the installation of a malicious app disguised as an external player.
Telegram then requests the user to enable the installation of unknown apps, leading to the installation of the malicious app. The malicious app is downloaded as an apparent video file but with a .apk extension, exploiting the vulnerability to appear as a multimedia file.
When shared in a chat, the malicious payload appears as a multimedia file, leveraging Telegram’s default setting to automatically download media files. Users with this setting enabled would automatically download the malicious payload upon opening the conversation.
ESET researchers promptly reported the vulnerability to Telegram on June 26, 2024, and again on July 4. Telegram acknowledged the issue and released a patch in version 10.14.5 on July 11, 2024, effectively closing the security gap.
While it remains unclear if the exploit was used in real-world attacks, the potential for widespread damage was significant given Telegram’s popularity, with over a billion downloads of its Android app.
The threat actor behind EvilVideo also offers an Android cryptor-as-a-service, claiming it is fully undetectable (FUD). This service has been advertised on the same underground forum since January 11, 2024.
Telegram users are strongly advised to update their app to the latest version and exercise caution when interacting with media files from unknown sources. This event serves as a reminder of the persistent risks in the digital landscape and the critical role of cybersecurity research in protecting users from emerging threats.
#Cyber_Security #Cyber_Security_News #Zero-Day #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Telegram Zero-Day Vulnerability Exploited Using Malicious Video Files
Author: Guru BaranESET researchers recently discovered a critical zero-day vulnerability in the Telegram messaging app for Android, potentially exposing millions of users to malicious attacks.
The exploit, dubbed “EvilVideo,” allowed attackers to disguise harmful Android payloads as innocuous video files that could be distributed through Telegram channels, groups, and private chats.
Telegram Zero-dayThe vulnerability was first identified when ESET researchers found an advertisement for the exploit on an underground forum on June 6, 2024. Using the alias “Ancryno,” the seller offered the zero-day for an undisclosed price, claiming it worked on Telegram versions 10.14.4 and older.
This information enabled ESET researchers to track down the channel, obtain the payload, and perform a detailed analysis.
Demonstrated by ESET
ESET’s investigation revealed that the exploit affects Telegram versions 10.14.4 and older. The payload, likely crafted using the Telegram API, masquerades as a 30-second video.
How is the Telegram Zero-Day Vulnerability Exploited?
If a user attempts to play the “video,” Telegram displays an error message suggesting the use of an external player. Tapping the Open button in this message prompts the installation of a malicious app disguised as an external player.
Telegram then requests the user to enable the installation of unknown apps, leading to the installation of the malicious app. The malicious app is downloaded as an apparent video file but with a .apk extension, exploiting the vulnerability to appear as a multimedia file.
When shared in a chat, the malicious payload appears as a multimedia file, leveraging Telegram’s default setting to automatically download media files. Users with this setting enabled would automatically download the malicious payload upon opening the conversation.
ESET researchers promptly reported the vulnerability to Telegram on June 26, 2024, and again on July 4. Telegram acknowledged the issue and released a patch in version 10.14.5 on July 11, 2024, effectively closing the security gap.
While it remains unclear if the exploit was used in real-world attacks, the potential for widespread damage was significant given Telegram’s popularity, with over a billion downloads of its Android app.
The threat actor behind EvilVideo also offers an Android cryptor-as-a-service, claiming it is fully undetectable (FUD). This service has been advertised on the same underground forum since January 11, 2024.
Telegram users are strongly advised to update their app to the latest version and exercise caution when interacting with media files from unknown sources. This event serves as a reminder of the persistent risks in the digital landscape and the critical role of cybersecurity research in protecting users from emerging threats.
#Cyber_Security #Cyber_Security_News #Zero-Day #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
