Telegram 0Day: One Click Can Compromise Your Device

Researchers from ESET have uncovered a new exploit targeting Telegram for Android. The exploit, known as EvilVideo, was discovered being sold on an underground forum on June 6, 2024. Cybercriminals were using this vulnerability to distribute malicious files through various channels, groups, and chats on Telegram, disguising them as multimedia files.

By obtaining a sample of the exploit, experts were able to analyze it and report the issue to Telegram on June 26. A fix for the vulnerability was then released on July 11, 2024, in Telegram versions 10.14.5 and above.

The vulnerability allowed attackers to send malicious files that appeared to be videos on outdated versions of Telegram for Android (10.14.4 and older). The exploit was advertised on an underground forum, where the seller showcased their work in a public Telegram channel, enabling researchers to acquire a malicious file for testing.

Analysis of the exploit revealed that it relied on the ability to craft deceptive files that Telegram displayed as multimedia previews. When a user attempted to play one of these “videos,” Telegram would report that the file could not be played and prompt the user to try an external player. Clicking the “Open” button would then lead to a request to install a malicious application disguised as a player.

The vulnerability was addressed in version 10.14.5 of Telegram, where multimedia previews now correctly identify the file as an application rather than a video.
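
The mismatch described above, a file presented as a video whose content is really an Android application, can be caught on the defender's side by classifying files by their bytes instead of their label. The following is an added example, not code from ESET or Telegram; the function names and sample bytes are constructed, and it assumes a triage tool that has each file's name, declared MIME type, and content.

```python
import io
import zipfile

VIDEO_EXTS = (".mp4", ".mkv", ".webm", ".mov", ".3gp")

def sniff(data: bytes) -> str:
    """Classify content by its bytes, ignoring any declared name or MIME type."""
    # An APK is a ZIP archive with AndroidManifest.xml at its root.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        return "apk" if "AndroidManifest.xml" in names else "zip"
    # ISO base media files (MP4/MOV/3GP) carry an 'ftyp' box type at offset 4.
    if data[4:8] == b"ftyp":
        return "video"
    # Matroska/WebM files start with the EBML header magic.
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "video"
    return "unknown"

def is_disguised_app(filename: str, declared_mime: str, data: bytes) -> bool:
    """True when a file is labelled as video but its content is an APK."""
    looks_video = (declared_mime.lower().startswith("video/")
                   or filename.lower().endswith(VIDEO_EXTS))
    return looks_video and sniff(data) == "apk"

def _constructed_apk() -> bytes:
    # Constructed sample: a minimal ZIP with the entries that mark an APK.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<constructed/>")
        zf.writestr("classes.dex", b"constructed")
    return buf.getvalue()

SAMPLE_APK = _constructed_apk()
# Constructed sample: a 24-byte 'ftyp' box header as found at the start of an MP4.
SAMPLE_MP4 = (24).to_bytes(4, "big") + b"ftypisom" + b"\x00" * 12

if __name__ == "__main__":
    for name, mime, data in [("clip.mp4", "video/mp4", SAMPLE_APK),
                             ("clip.mp4", "video/mp4", SAMPLE_MP4)]:
        print(name, mime, "->", sniff(data),
              "FLAG" if is_disguised_app(name, mime, data) else "ok")
```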

The exploit was also tested on the web version of Telegram and on the desktop client for Windows, where it was found to be ineffective. In both instances, the file was recognized as multimedia and posed no threat.

Furthermore, it was discovered that the exploit seller was also offering a cryptor service for Android, which makes malicious files invisible to antivirus software. This service had been promoted on the same underground forum since January 2024.

Following the identification and resolution of the vulnerability in Telegram, users are advised to update their application to the latest version to safeguard against potential threats.
