Cybersecurity researchers at ESET have uncovered a major safety flaw within the Telegram app for Android gadgets. This vulnerability, termed a “zero-day exploit,” permits attackers to ship malicious recordsdata that masquerade as common movies through Telegram chats. Dubbed “EvilVideo,” this exploit was found on an underground on-line discussion board in June 2024.
Learn Extra: Amazon sale: High reductions on laptops and gaming screens from HP, Lenovo, MSI and extra
How the “EvilVideo” Exploit Works
The exploit permits hackers to distribute harmful recordsdata disguised as harmless 30-second movies. These recordsdata will be despatched by means of Telegram channels, teams, or personal chats. Usually, when customers obtain movies on Telegram, they’re robotically downloaded, supplied the setting is enabled. Because of this, the dangerous file will get downloaded as quickly because the recipient opens the chat.
ESET researcher Lukas Stefanko and his group found this exploit whereas monitoring secret on-line boards. They encountered a vendor demonstrating the exploit’s performance in a public Telegram channel. ESET subsequently accessed this channel and obtained the malicious file for testing. Their experiments confirmed that the exploit affected older variations of Telegram, particularly these earlier than model 10.14.5. The hackers exploited the Telegram API, a instrument for builders to create and add content material, to disguise these dangerous recordsdata as movies. When customers tried to play the “video,” Telegram would point out playback points and recommend utilizing one other app, resulting in the set up of a malicious software if the person complied.
Telegram’s Response and Repair
ESET detected this challenge on June 26, 2024, and promptly notified Telegram. Initially, there was no response. Nevertheless, upon a second report on July 4, Telegram responded swiftly and started investigating. The difficulty was resolved with the discharge of a brand new app model, 10.14.5, on July 11, 2024. This replace ensures customers are not susceptible to this exploit in the event that they replace their app.
To stay protected, customers ought to replace their Telegram app to the most recent model. Detailed data will be present in ESET’s weblog put up titled “Cursed tapes: Exploiting the EvilVideo vulnerability in Telegram for Android” on WeLiveSecurity.com. Moreover, ESET Analysis supplies updates on Twitter (now referred to as X).
Learn Extra: iPhone costs to scale back in India after Union Price range 2024? 5 questions answered
The “EvilVideo” exploit posed a critical risk by tricking customers into downloading dangerous recordsdata merely by opening a chat. Because of the immediate actions of ESET and Telegram, the vulnerability has been addressed within the newest app replace. Customers are suggested to maintain their apps up to date to guard in opposition to such threats.
Yet one more factor! We are actually on WhatsApp Channels! Comply with us there so that you by no means miss any updates from the world of know-how. To comply with the HT Tech channel on WhatsApp, click on right here to hitch now!