A zero-day flaw named "EvilVideo" that targets Telegram for Android, enabling attackers to send malicious payloads disguised as video files.
ESET researchers have uncovered a zero-day vulnerability named “EvilVideo” that targets Telegram for Android, enabling attackers to send malicious payloads disguised as video files. On June 6, 2024, a zero-day exploit targeting Telegram for Android appeared for sale on an underground forum. This exploit, leveraging a vulnerability named “EvilVideo,” was tested by ESET researcher Lukas …
The post Telegram for Android Hit by Zero-Day “EvilVideo” Exploit appeared first on RestorePrivacy.
Once the user attempts to play the video, Telegram displays a message indicating it cannot play the file and suggests using an external player. If the user follows this suggestion, they are prompted to install a malicious app disguised as an external player. This app, detected as Android/Spy.SpyMax.T, is downloaded as an apparent video file with an .apk extension. The exploit’s nature misleads the Telegram preview into displaying the file as a video, even though it is an APK.