ESET researchers have discovered a zero-day exploit targeting Telegram for Android. An exploit called EvilVideo appeared for sale on an underground forum on June 6, 2024. Attackers used this vulnerability to distribute malicious files through Telegram channels, groups and chats, disguising them as multimedia files.
โ The vulnerability allowed sending malicious files that looked like videos in unprotected versions of Telegram for Android (10.14.4 and older). The exploit was found on the XSS forum, where a seller demonstrated its work in a public Telegram channel. This allowed the researchers to obtain the malicious file and test it.
It also turned out that the seller of the exploit offered a cryptor service for Android, making malicious files invisible to antiviruses. This service has been advertised on the same XSS forum since January 2024.
#0day #Telegram
@geekcode
Please open Telegram to view this post
VIEW IN TELEGRAM
๐2