{"id":166042,"date":"2024-07-22T21:53:20","date_gmt":"2024-07-22T21:53:20","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=166042"},"modified":"2024-07-22T21:53:22","modified_gmt":"2024-07-22T21:53:22","slug":"evilvideo-telegram-android-zero-day","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/166042\/hacking\/evilvideo-telegram-android-zero-day.html","title":{"rendered":"EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos"},"content":{"rendered":"
<\/div>\n

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send malicious APK payloads disguised as videos.<\/h2>\n\n\n\n

ESET researchers discovered a zero-day exploit named EvilVideo that targets the Telegram app for Android. The exploit was for sale on an underground forum from June 6, 2024, it allows attackers to share malicious Android payloads via Telegram, disguising them as multimedia files. <\/p>\n\n\n\n

\"EvilVideo<\/a><\/figure>\n\n\n\n

ESET researcher Lukas Stefanko reported the zero-day to Telegram on June 26 and later on July 4, 2024.<\/gwmw><\/p>\n\n\n\n

The exploit only works on Telegram versions 10.14.4 and older, the company addressed the flaw on July 11, 2024, with the release of versions 10.14.5 and above.<\/gwmw><\/p>\n\n\n\n

The seller, who uses the moniker ‘Ancryno,’ advertised the exploit on the XSS hacking forum. The seller showed screenshots and a video of testing the exploit on a public Telegram channel. ESET identified the Telegram channel, and obtained it
<\/gwmw><\/p>\n\n\n\n

\n

Exploiting the #EvilVideo<\/a> vulnerability on Telegram

We discovered a 0-day Telegram for Android exploit that allows sending malicious apps disguised as videos
https:\/\/t.co\/fb9FmhFJWV<\/a> @ESETresearch<\/a> @ESET<\/a> pic.twitter.com\/cLxUxnAaTB<\/a><\/p>— Lukas Stefanko (@LukasStefanko) July 22, 2024<\/a><\/blockquote>