ESET researchers have uncovered a zero-day vulnerability named “EvilVideo” that targets Telegram for Android, enabling attackers to send malicious payloads disguised as video files. On June 6, 2024, a zero-day exploit targeting Telegram for Android appeared for sale on an underground forum. This exploit, leveraging a vulnerability named “EvilVideo,” was tested by ESET researcher Lukas … The post Telegram for Android Hit by Zero-Day “EvilVideo” Exploit appeared first on RestorePrivacy.
Once the user attempts to play the video, Telegram displays a message indicating it cannot play the file and suggests using an external player. If the user follows this suggestion, they are prompted to install a malicious app disguised as an external player. This app, detected as Android/Spy.SpyMax.T, is downloaded as an apparent video file with an .apk extension. The exploit’s nature misleads the Telegram preview into displaying the file as a video, even though it is an APK.
It requires user input
And the “video” isn’t even an APK. God, who writes this stuff?