
ESET Research Podcast: EvilVideo


ESET researchers have uncovered a zero-day exploit in Telegram for Android that allowed attackers to send malicious files disguised as videos. The discovery of this vulnerability, named EvilVideo by ESET, sheds light on the risks faced by the popular messaging platform’s nearly one billion monthly users.

The exploit came to the attention of ESET malware researcher Lukáš Štefanko when he encountered it being sold on an underground forum. Intrigued by the potential threat posed by this exploit, Štefanko dove into the details to analyze its impact and report his findings. In a discussion with ESET Distinguished Researcher Aryeh Goretsky on the ESET Research podcast, Štefanko revealed that the vulnerability specifically targeted the Android version of the Telegram app, while leaving the Windows and iOS versions unaffected.

Further investigation by Štefanko uncovered that the exploit was bundled with off-the-shelf spyware known as Android/Spy.SpyMax. However, he noted that the malicious payload could be easily swapped for any other type of malware at the attacker’s discretion. This flexibility in the exploit’s delivery mechanism highlights the potential danger it posed to unsuspecting users.

The response of Telegram developers to ESET’s report on the vulnerability, including the time taken to address the issue and the impact on users, remains a point of interest. For insights into these aspects and more, listeners are encouraged to tune in to the latest episode of the ESET Research podcast.

For those seeking more information on the EvilVideo exploit or updates on the activities of various threat actors, ESET Research’s social media channels and online platforms provide valuable resources. By following ESET Research on X (formerly known as Twitter) and engaging with their blog posts and white papers on WeLiveSecurity.com, users can stay informed about the latest cybersecurity threats and developments.

To stay updated on the latest episodes of the ESET Research podcast, interested listeners can subscribe on popular platforms such as Spotify, Apple Podcasts, and PodBean. Additionally, participants in the ongoing 2024 ESET Technology Conference can take part in the capture the flag challenge, with the flag for the “Radio Broadcast” challenge being: podcasts_are_new_books.

In conclusion, the discovery of the EvilVideo exploit highlights the persistent threat posed by cybercriminals targeting popular messaging apps like Telegram. By staying informed about such vulnerabilities and taking proactive measures to safeguard their devices and data, users can mitigate the risks associated with these malicious attacks.
