A recent zero-day vulnerability in Telegram for Android, dubbed ‘EvilVideo,’ has been exploited by attackers to send malicious Android APK payloads disguised as video files. This significant security flaw was first brought to light when a threat actor named ‘Ancryno’ started selling the exploit on June 6, 2024, on the Russian-speaking XSS hacking forum.
ESET researchers discovered the flaw after a proof-of-concept demonstration was shared on a public Telegram channel, allowing them to analyze the malicious payload. They confirmed that the exploit worked on Telegram v10.14.4 and older, naming it ‘EvilVideo.’ The vulnerability was responsibly disclosed to Telegram by ESET researcher Lukas Stefanko on June 26 and again on July 4, 2024.
Telegram responded on July 4, indicating that they were investigating the report.
While it remains unclear if the flaw was actively exploited in attacks, ESET shared a command and control server (C2) used by the payloads at ‘infinityhackscharan.ddns[.]net.’ BleepingComputer identified two malicious APK files using that C2 on VirusTotal that masqueraded as Avast Antivirus and an ‘xHamster Premium Mod.’
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: