Telegram addresses a flaw that let hackers transfer harmful files over chat rooms.

 Telegram addresses a flaw that lets hackers transfer harmful files over chat rooms.

 

24/7/2024,

Recently, Telegram fixed a serious flaw in its Android app.

 

Because of the vulnerability, malicious files might be sent via the platform purporting to be video files.

 

The threat actor responsible for this exploit is yet unknown.

Recently, Telegram fixed a serious flaw in its Android app that let hackers use the service to distribute malicious files purportedly in the form of videos. The zero-day exploit known as "EvilVideo" was discovered by ESET researchers and was first offered for sale on a covert forum on June 6, 2024. 

The exploit took use of a weakness that allowed attackers to disseminate malicious payloads over chats, groups, and channels on Telegram while disguising them as safe multimedia files.

 

The exploit was found and examined by the ESET team, who then reported it to Telegram on June 26. The vulnerability in Telegram versions 10.14.5 and higher was then patched by an upgrade that was made available by Telegram on July 11.

Now that the problem has been fixed, users are safe from the danger.

How the Trick Operated

 

Versions 10.14.4 and earlier of Telegram were the focus of the EvilVideo vulnerability. It functioned by generating a malicious payload that showed up in chat as a 30-second video file. 

Telegram would require users to install an external player which was actually a malicious program under a different name when they tried to play this file. Users could manually download the payload by hitting the download button, or it would download automatically if their settings allowed media files to download automatically.

 

It's interesting to note that neither Telegram's desktop nor web clients could use the exploit. The Desktop client added an additional mp4 extension to the APK file, stopping the exploit from running, whereas the Web client handled the file as an MP4.

 

Dangerous Party and Additional Measures

Though they were also discovered to provide further harmful services on the same underground forum, the threat actor responsible for this attack is still mainly unknown.

 

Despite this, Telegram's prompt resolution of the issue shows its commitment to user security.

Users of Telegram for Android are secure against this specific exploit now that the EvilVideo vulnerability has been addressed. It acts as a reminder of how important it is to update apps to be secure from possible threats.