Cybersecurity researchers are outlining a major zero-day flaw across Telegram’s Android app.
Experts revealed how the flaw enabled attackers to roll out malicious content that seemingly appeared as videos to the user.
The news comes from ESET researchers that shed light on how the files may be sent to users on Android without them suspecting the act. It would simply pop up as a direct message or in the form of text across certain groups or channels. Since the Telegram app enables automated downloads of media files through default means, any users of the app that didn’t have the feature switched off may have been vulnerable to such an attack.
The file would automatically download as the chat was opened. When you click on fake videos, they would actually trigger real error alerts for Telegram. Common lines would include, ‘The app was not able to play this video’. And then an option of combatting the problem would include another alert of how it could be played with the help of external players.
The users would get the option to cancel or open up files. When the Open option was selected, they would enable APK file installations through the Telegram platform. In this manner, users would need to take several actions to have the malware payload enabled.
Files in disguise and any kind of misclassification through the app would continue to be deemed as serious concerns for obvious reasons.
ESET found such exploits like EvilVideo being promoted for sale through forums on the dark web and then that’s when it was reported to the Telegram app in June. No confirmed reports are present in terms of whether or not anyone fell for scams but the app did roll out an Android update on July 11.
It’s quite possible that such exploits could be due to upload errors across the Android app as APK files do get highlighted boldly after they’re fixed.
Such a vulnerability didn’t end up impacting desktop users or those with iOS systems. Even users of Windows desktop platforms were safe. But when you consider Telegram’s Android platform which has more than 1B downloads, it’s still massive in terms of potential victims getting attacked.
Most threat actors end up purchasing and selling malware and other kinds of exploitations through the dark web. However, not a lot of these are always underground. Some go as far as selling phishing kits through the Telegram app on its own.
Read next: Meta’s Llama 3.1 405B May Outperform OpenAI’s GPT-4o As Leaked Data Suggests Major Milestone For AI Community
Experts revealed how the flaw enabled attackers to roll out malicious content that seemingly appeared as videos to the user.
The news comes from ESET researchers that shed light on how the files may be sent to users on Android without them suspecting the act. It would simply pop up as a direct message or in the form of text across certain groups or channels. Since the Telegram app enables automated downloads of media files through default means, any users of the app that didn’t have the feature switched off may have been vulnerable to such an attack.
The file would automatically download as the chat was opened. When you click on fake videos, they would actually trigger real error alerts for Telegram. Common lines would include, ‘The app was not able to play this video’. And then an option of combatting the problem would include another alert of how it could be played with the help of external players.
The users would get the option to cancel or open up files. When the Open option was selected, they would enable APK file installations through the Telegram platform. In this manner, users would need to take several actions to have the malware payload enabled.
Files in disguise and any kind of misclassification through the app would continue to be deemed as serious concerns for obvious reasons.
ESET found such exploits like EvilVideo being promoted for sale through forums on the dark web and then that’s when it was reported to the Telegram app in June. No confirmed reports are present in terms of whether or not anyone fell for scams but the app did roll out an Android update on July 11.
It’s quite possible that such exploits could be due to upload errors across the Android app as APK files do get highlighted boldly after they’re fixed.
Such a vulnerability didn’t end up impacting desktop users or those with iOS systems. Even users of Windows desktop platforms were safe. But when you consider Telegram’s Android platform which has more than 1B downloads, it’s still massive in terms of potential victims getting attacked.
Most threat actors end up purchasing and selling malware and other kinds of exploitations through the dark web. However, not a lot of these are always underground. Some go as far as selling phishing kits through the Telegram app on its own.
Read next: Meta’s Llama 3.1 405B May Outperform OpenAI’s GPT-4o As Leaked Data Suggests Major Milestone For AI Community