The "EvilVideo" exploit in Telegram for Android has been identified and patched, highlighting the importance of keeping apps updated to protect against security threats. (Unsplash)

Major security flaw in Telegram’s Android app has been fixed

A major security flaw in the Telegram app for Android devices has been discovered by cybersecurity experts at ESET. This vulnerability, known as a “zero-day exploit,” enables attackers to send harmful files disguised as normal videos through Telegram chats. Referred to as “EvilVideo,” this exploit was found on a clandestine online forum in June 2024.

Read more: Amazon sale: Best deals on laptops and gaming monitors from HP, Lenovo, MSI and more

How “EvilVideo” utility works

The attack allows hackers to distribute malicious files disguised as innocent 30-second videos. These files can be sent via Telegram channels, groups or private chats. Usually, when users receive videos on Telegram, they are automatically downloaded if the setting is enabled. As a result, the malicious file is downloaded as soon as the recipient opens the conversation.

ESET researcher Lukas Stefanko and his team discovered this exploit while monitoring secret online forums. They met with a vendor who demonstrated the functionality of the exploit on a public Telegram channel. ESET later used this channel and obtained the malicious file for testing. Their experiments confirmed that the exploit affected older versions of Telegram, specifically version 10.14.5. The hackers used the Telegram API, a tool that allows developers to create and upload content, to disguise these malicious files as videos. When users tried to play the “video”, Telegram reported playback problems and suggested using another app, leading to the installation of a malicious app if the user followed the instructions.

Read more: 10 Netflix tips and tricks: From hidden menus to secret features, how to get the most out of your subscription

Telegram response and correction

ESET discovered this issue on June 26, 2024 and immediately reported it to Telegram. At first there was no answer. However, after the second report on July 4, Telegram quickly responded and launched an investigation. The issue was resolved when the new app version 10.14.5 was released on July 11, 2024. This update ensures that users are no longer vulnerable to this exploit if they update their app.

To maintain security, users should update their Telegram app to the latest version. Detailed information can be found in ESET’s blog post titled “Cursed Tapes: Exploiting the EvilVideo Vulnerability in Telegram for Android” on WeLiveSecurity.com. In addition, ESET Research provides updates on Twitter (currently X).

Read more: iPhone prices to drop in India after Union Budget 2024? 5 questions answered

The “EvilVideo” exploit posed a serious threat by tricking users into downloading malicious files just by opening a chat. Thanks to the quick action of ESET and Telegram, the vulnerability has been fixed in the latest application update. Users are advised to keep their applications up-to-date to protect themselves from such threats.