July 23rd, 2024

Telegram zero-day for Android allowed malicious files to masquerade as videos

Researchers found a zero-day exploit in Telegram for Android, named EvilVideo, which let attackers send malicious files that appeared as videos. Telegram fixed it in versions 10.14.5 and above. The exploit was sold on an underground forum. The patched version prevents the automatic download. The threat actor is unknown.

Researchers discovered a zero-day exploit in the Telegram messaging app for Android devices, allowing attackers to send malicious files disguised as videos. The vulnerability, named EvilVideo, was fixed by Telegram in versions 10.14.5 and above after being reported by researchers. Threat actors had about five weeks to exploit the bug before the patch was released, but it's unclear if it was used in the wild. The exploit was found on an underground forum and sold by a user named "Ancryno." In unpatched versions, attackers could send malicious payloads through Telegram channels, groups, and chats, appearing as multimedia files. The exploit leveraged Telegram's default setting to automatically download media files. The patched version now correctly displays malicious files as applications. The identity and motives of the threat actor behind the exploit remain unknown. Additionally, the same forum advertised undetectable Android cryptomining malware.
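The summary above comes down to a content-type mismatch: an attachment declared as a video whose bytes are actually an Android package. The following is an added example, not code from the article, from Telegram or from the researchers; it is a defensive content-sniffing check that a messaging client, gateway or DLP filter could apply before trusting a sender-supplied MIME type. The function names, the `(sender, declared_mime, bytes)` message tuple and the sample files are all constructed here for illustration.

```python
import io
import struct
import zipfile

# Real MIME type Android uses for APK packages.
APK_MIME = "application/vnd.android.package-archive"


def looks_like_mp4(data: bytes) -> bool:
    """ISO BMFF (MP4/MOV) files start with a 4-byte box size followed by 'ftyp'."""
    return len(data) >= 12 and data[4:8] == b"ftyp"


def looks_like_apk(data: bytes) -> bool:
    """An APK is a ZIP archive whose entries include AndroidManifest.xml and a .dex file."""
    if data[:4] != b"PK\x03\x04":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return "AndroidManifest.xml" in names and any(n.endswith(".dex") for n in names)


def sniff_mime(data: bytes) -> str:
    """Classify by the bytes themselves, never by the name or MIME type the sender supplied."""
    if looks_like_apk(data):
        return APK_MIME
    if data[:4] == b"PK\x03\x04":
        return "application/zip"
    if looks_like_mp4(data):
        return "video/mp4"
    return "application/octet-stream"


def is_masquerading(declared_mime: str, data: bytes) -> bool:
    """True when the sender declares a video but the payload is an installable package or archive.

    Unrecognised containers are deliberately not flagged here (a real MKV or WebM would
    sniff as octet-stream); they belong in a separate 'needs review' path, not in this alert.
    """
    actual = sniff_mime(data)
    return declared_mime.startswith("video/") and actual in (APK_MIME, "application/zip")


def scan_messages(messages):
    """messages: iterable of (sender, declared_mime, bytes). Returns senders whose attachment is flagged."""
    return [sender for sender, mime, data in messages if is_masquerading(mime, data)]


# --- constructed sample inputs (not real files) -----------------------------

def make_sample_mp4() -> bytes:
    # Minimal 'ftyp' box carrying the MP4 signature; not a playable video.
    payload = b"ftyp" + b"isom" + struct.pack(">I", 0x200) + b"isomiso2mp41"
    return struct.pack(">I", 4 + len(payload)) + payload + b"\x00" * 32


def make_sample_apk() -> bytes:
    # A ZIP with the two entry names every APK carries and dummy contents; it installs nothing.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<constructed placeholder manifest>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    constructed = [
        ("alice", "video/mp4", make_sample_mp4()),
        ("unknown-channel", "video/mp4", make_sample_apk()),
    ]
    print(scan_messages(constructed))  # ['unknown-channel']
```

The design point is the one the patch described in the summary makes: the declared type decides only how the UI labels a file, so the decision to auto-download, preview or hand a file to another application should be made from what the bytes are, and a "video" that sniffs as a ZIP containing `AndroidManifest.xml` should be labelled and handled as a package.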

Related

I found a 1-click exploit in South Korea's biggest mobile chat app

A critical exploit in KakaoTalk allows attackers to run JavaScript in a WebView, potentially compromising user accounts by stealing access tokens. The exploit highlights the need to address security vulnerabilities in messaging apps.

Universal Code Execution by Chaining Messages in Browser Extensions

Researchers demonstrate universal code execution in browser extensions by exploiting messaging APIs, bypassing security measures. Vulnerabilities in extensions can compromise millions of users, allowing access to sensitive data and enabling arbitrary command execution.

Houthi rebels are operating their own GuardZoo spyware

Houthi rebels operate GuardZoo spyware, a surveillance tool similar to Pegasus. Active since 2019, it targets Yemeni military with social engineering tactics. Despite lower sophistication, GuardZoo highlights rising surveillance malware threats.

Exim vulnerability affecting 1.5M servers lets attackers attach malicious files

A critical vulnerability in Exim mail transfer agent (CVE-2024-39929) exposes 1.5 million email servers to attacks delivering malicious attachments. No active exploits reported, but admins urged to update Exim to version 4.98 RC3 for protection.

Telegram zero-day allowed sending malicious Android APKs as videos

A zero-day vulnerability in Telegram for Android, named 'EvilVideo,' allowed attackers to send malicious APK payloads disguised as videos. The flaw was patched in version 10.14.5 after responsible disclosure. Users should update their app.

7 comments
By @acar_rag - 6 months
Based on the description of the exploit:

> The exploit takes advantage of Telegram’s default setting to automatically download media files. The option can be disabled manually, but in that case, the payload could still be installed on the device if a user tapped the download button in the top left corner of the shared file.

I don't see why this exploit could not be exploited on iOS.

> If the user tried to play the “video,” Telegram displayed a message that it was unable to play it and suggested using an external player. The hackers disguised a malicious app as this external player.

However, it seems like a disguised way to invite the user to install an external application... Is it from the Google Play Store? Or an external APK that the user has to download from a website and install themselves?

By @multimoon - 6 months
This isn’t a zero day, nor does it really seem like Telegram’s fault; this is just how Android itself works by design, and this would likely affect any app that didn’t have specialized logic to recognize a malformed APK file. If an app tells Android “open this file”, it’s going to search for something that can read it; in the case of something with an APK manifest, that becomes the system installer.

It’s still very unlikely to happen, since Android will warn you and you have to go through several dialogs to enable installing the APK.

This will be an unpopular opinion, and I’m not saying their argument is correct, or that the good doesn’t outweigh the risk, but this is exactly what Apple was talking about when they explained why they don’t want sideloading.

By @tssge - 6 months
By @ChrisArchitect - 6 months
By @Kinrany - 6 months
Yeah this is not a zero day.