A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. "Attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files," security researcher Lukáš Štefanko said in a report. It's believed that the payload is concocted using Telegram's application programming interface (API), which allows for programmatic uploads of multimedia files to chats and channels. In doing so, it enables an attacker to camouflage a malicious APK file as a 30-second video. Users who click on the video are displayed an actual warning message stating the video cannot be played and urges them to try playing it using an external player. Should they proceed with the step, they are subsequently asked to allow installation of the APK file through Telegram. The app in question is named "xHamster Premium Mod." "By default, media files received via Telegram are set to download automatically," Štefanko said. "This means that users with the option enabled will automatically download the malicious payload once they open the conversation where it was shared." While this option can be disabled manually, the payload…Read More