EvilVideo Zero-Day Vulnerability in Telegram for Android
- Rescana

Introduction: EvilVideo is a zero-day vulnerability in the Telegram app for Android. Discovered by ESET researchers, it allows attackers to send malicious payloads disguised as multimedia files (videos) through Telegram channels, groups, and chats. The vulnerability affects Telegram versions 10.14.4 and older.
Vulnerability Details:
- Name: EvilVideo
- Affected Versions: Telegram for Android 10.14.4 and older
- Discovered by: ESET Research
- Reported to Vendor: June 26, 2024
- Patched Version: Telegram 10.14.5, released on July 11, 2024
Exploit Mechanism: The EvilVideo exploit allows threat actors to create a payload that appears as a 30-second video file. By default, Telegram automatically downloads media files, which means users with this setting enabled will automatically download the malicious payload upon opening the conversation. When a user attempts to play the "video," Telegram displays a message suggesting the use of an external player. If the user proceeds, they are prompted to install a malicious app disguised as an external application.
Exploitation in the Wild: The exploit was discovered for sale in an underground forum, along with screenshots and a video demonstrating its capabilities. ESET researchers identified the forum and the Telegram channel where the exploit was being tested and advertised. This allowed them to analyze the payload and confirm its functionality.
Mitigation Strategies:
- Update Telegram: Users should update to the latest version of Telegram (10.14.5 or later) to ensure protection against the EvilVideo vulnerability.
- Disable Automatic Media Downloads: Users can enhance security by disabling automatic media downloads in Telegram settings, requiring manual approval for file downloads.
- Educate Users: Raise awareness among users about the dangers of opening unsolicited video files and the importance of verifying the source of any received media.
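A fleet check for the update mitigation, as an added example that is not part of the original advisory: it reads per-device `adb shell dumpsys package` output and flags Telegram builds older than 10.14.5. The package name `org.telegram.messenger`, the device names and the sample output are assumptions constructed for illustration.

```python
import re

# From the advisory: 10.14.4 and older are affected, 10.14.5 is the patched release.
PATCHED = (10, 14, 5)
# Assumption: package name of Telegram for Android on the inventoried devices.
TELEGRAM_PACKAGE = "org.telegram.messenger"

_VERSION_RE = re.compile(r"versionName=(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return versionName as a tuple of ints, or None if it cannot be parsed."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad short versions so "10.14" compares as 10.14.0.
    return parts + (0,) * (3 - len(parts))


def classify(dumpsys_text):
    """Classify one device's `dumpsys package` output for Telegram."""
    if TELEGRAM_PACKAGE not in dumpsys_text:
        return "not-installed"
    version = parse_version(dumpsys_text)
    if version is None:
        return "unknown"  # needs manual review; never assume patched
    # Numeric tuple comparison: a string compare would rank "10.9.0" above "10.14.5".
    return "patched" if version >= PATCHED else "vulnerable"


def audit(inventory):
    """Map device name -> status for a dict of device name -> dumpsys text."""
    return {device: classify(text) for device, text in inventory.items()}


# Constructed sample output, one entry per device (not real device data).
SAMPLE = {
    "phone-a": "Package [org.telegram.messenger]:\n    versionName=10.14.4\n",
    "phone-b": "Package [org.telegram.messenger]:\n    versionName=10.14.5\n",
    "phone-c": "Package [org.telegram.messenger]:\n    versionName=10.9.0\n",
    "phone-d": "Package [org.telegram.messenger]:\n    versionName=\n",
    "phone-e": "Unable to find package: org.example.other\n",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as `unknown` should be checked by hand rather than counted as patched.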
References and Sources:
1. ESET Research: EvilVideo Telegram vulnerability
2. WeLiveSecurity: Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
Final Notes: The EvilVideo vulnerability highlights the ongoing risks associated with zero-day exploits in popular applications like Telegram. It is crucial for users to maintain updated software and stay informed about potential threats. By implementing recommended security measures, users can mitigate the risks associated with such vulnerabilities.