ESET Discovers Android Zero-Day Telegram Vulnerability That Allows Sending Malicious Files Masquerading as Videos
ESET researchers have discovered a zero-day vulnerability for Telegram for Android, which was sold for sale in an underground forum post on June 6, 2024 for an unspecified price. Exploiting the vulnerability to abuse a vulnerability named EvilVideo by the ESET research team, attackers can share malicious Android payloads through Telegram channels, groups, and chats, and make them appear as multimedia files. It is reported that the vulnerability only applies to Android Telegram versions 10.14.4 and earlier. The vulnerability was fixed on July 11, 2024, after the ESET research team reported it to Telegram, which released the 10.14.5 version on July 11 and notified the ESET research team via email.