How hackers exploited a Telegram weakness to send malware files via chat
A critical security flaw in the encrypted messaging app Telegram was reportedly exploited by attackers to spread malicious files disguised as harmless-looking videos. Called EvilVideo, the flaw was found in the mobile app for Android and allowed malicious actors to embed malware within videos. The exploit appeared for sale on an underground forum on June 6, 2024, according to ESET’s research team, after which the app disclosed it on June 26. The issue was finally addressed by Telegram in version 10.14.5, released on July 11.
Attackers were able to hide a malicious APK file in a 30-second clip. When a user clicked on the clip, a warning appeared saying that the video couldn’t be played and urging the user to play it in an external player. Users who proceeded were asked to approve the installation of an APK file called ‘xHamster Premium Mod’ through Telegram.
Security researcher Lukas Stefanko explained in a blog post that attackers used Telegram’s API to craft the payload and that, by default, media received via Telegram downloads automatically. As a result, the malicious payload is downloaded as soon as a user opens the conversation.
While there is still no word on who was behind the attack, it is known that the same actor advertised a fully undetectable Android crypter that can reportedly bypass Google Play Protect.
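For defenders, the mismatch described above (an attachment presented as a video that is in fact an APK) can be caught by checking a file's bytes against the type it claims. The following is an added example, not code from Telegram, ESET or the original article; the function names and verdict strings are hypothetical, the samples are constructed, and it assumes the scanner sees the attachment's claimed MIME type alongside its raw bytes.

```python
import io
import zipfile

# (offset, signature) pairs for two common video containers.
VIDEO_SIGNATURES = [
    (4, b"ftyp"),              # MP4 / MOV family
    (0, b"\x1a\x45\xdf\xa3"),  # Matroska / WebM
]


def is_video_container(data: bytes) -> bool:
    return any(data[off:off + len(sig)] == sig for off, sig in VIDEO_SIGNATURES)


def is_apk(data: bytes) -> bool:
    """An APK is a ZIP archive that contains AndroidManifest.xml."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "AndroidManifest.xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def classify_attachment(claimed_mime: str, data: bytes) -> str:
    """Compare the type a message claims with what the bytes actually are."""
    if is_apk(data):
        if claimed_mime.startswith("video/"):
            return "block: APK presented as video"
        return "review: APK attachment"
    if claimed_mime.startswith("video/") and not is_video_container(data):
        return "review: claimed video, unrecognised container"
    return "allow"


def build_constructed_apk() -> bytes:
    """Constructed sample: a tiny ZIP with the one entry that marks an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
    return buf.getvalue()


# Constructed sample: the first bytes of an MP4 file (ftyp box header).
CONSTRUCTED_MP4 = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16

if __name__ == "__main__":
    print(classify_attachment("video/mp4", build_constructed_apk()))
    print(classify_attachment("video/mp4", CONSTRUCTED_MP4))
```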
A spokesperson for the app responded to the ESET report, saying the exploit wasn’t a vulnerability in Telegram since it would require users to manually open the video and install the app. They noted that they had received a report about the exploit on July 5 and deployed a server-side fix on July 9 for all versions.
A couple of days ago, the company’s founder Pavel Durov said that Telegram has reached 950 million active users and aims to cross the 1 billion mark this year. Telegram also plans to launch an app store and an in-app browser with support for Web3 pages later this month.