September 7, 2024

Athens News

News in English from Greece

Movie "with a surprise" in Telegram


Malicious APKs* disguised as videos were circulating in Telegram. The vulnerability has since been fixed.

APK files disguised as videos were sent to users in the messenger. A zero-day vulnerability called EvilVideo was discovered in Telegram for Android, which allowed attackers to send malicious APKs, writes Bleeping Computer.

On June 6, a post appeared on the Russian-language XSS forum from user Ancryno, in which he offered to sell others a zero-day vulnerability that works in Telegram version v10.14.4 and higher.

On July 4, Telegram responded that they were investigating the problem. On July 11, version 10.14.5 was released, in which the problem was fixed. That is, the attackers had about 5 weeks to exploit the new vulnerability in the messenger, and this possibility still exists if users have not updated the app.

The vulnerability allowed attackers to create APK files that were sent to users via the messenger. International antivirus software developer ESET believes that criminals used Telegram's API to create messages that looked like 30-second videos.

What made the vulnerability easier to exploit was that, by default, the Android app automatically downloads all files. The malicious APK would start downloading as soon as users opened the messages. For those who had auto-download turned off, it was enough to tap the video once for the APK to start downloading as well.

When users tried to play the video, Telegram suggested using an internal player, asking to “open” it, which also started downloading malware.

But for the malware to be installed on users' smartphones, they also needed to enable the installation of unknown apps in the device settings. The attackers noted that the vulnerability could be exploited in one click, but successfully infecting a smartphone still required more actions.

A Telegram representative explained that this is not a vulnerability of the messenger because the user was required to open the video and change the Android security settings, and only after that could the suspicious APK be installed.
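The disguise described above relies on the recipient's client trusting the type the sender declared for the file. A receiving-side check can compare that claim with the file's actual bytes; the following is an added example, not code from Telegram, ESET or the original article, and its function names, extension list and sample data are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions treated as "video" here are an assumed list for this example.
VIDEO_EXTENSIONS = (".mp4", ".m4v", ".mov", ".3gp", ".mkv", ".webm")


def is_apk(data: bytes) -> bool:
    """True if data is a ZIP archive with a root AndroidManifest.xml (every APK has one)."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False
    try:
        with zipfile.ZipFile(buf) as archive:
            return "AndroidManifest.xml" in archive.namelist()
    except zipfile.BadZipFile:
        return False


def has_video_signature(data: bytes) -> bool:
    """True for ISO-BMFF (MP4/MOV/3GP: 'ftyp' at offset 4) or EBML (MKV/WebM)."""
    return data[4:8] == b"ftyp" or data[:4] == b"\x1a\x45\xdf\xa3"


def classify_attachment(filename: str, declared_mime: str, data: bytes) -> str:
    """Compare what an attachment claims to be with what its bytes are."""
    claims_video = (declared_mime.lower().startswith("video/")
                    or filename.lower().endswith(VIDEO_EXTENSIONS))
    if is_apk(data):
        return "apk-disguised-as-video" if claims_video else "apk"
    if claims_video and not has_video_signature(data):
        return "not-a-video"
    return "ok"


def make_sample_apk() -> bytes:
    """Constructed sample: a minimal ZIP with APK-style entries, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"constructed placeholder")
        archive.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()


# Constructed sample: the first bytes of an MP4 container.
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16

if __name__ == "__main__":
    print(classify_attachment("clip.mp4", "video/mp4", make_sample_apk()))
    print(classify_attachment("clip.mp4", "video/mp4", SAMPLE_MP4))
```

A mail or chat gateway, or a forensic triage script run over a download folder, can apply the same comparison to flag files whose content contradicts their declared type.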

*APK, or Android Package Kit, is a package file format for the Android operating system.


