Evilvideo

EvilVideo is a zero-day vulnerability discovered by ESET researchers in the Telegram app for Android. This flaw in software design or implementation allows attackers to send malicious APK payloads disguised as videos, exploiting Telegram's default setting of automatically downloading media files. The vulnerability was first discovered on June 6, when an advertisement for the exploit was found on a Russian-language hacker forum by ESET malware researcher Lukáš Štefanko. Attackers can exploit the EvilVideo vulnerability to distribute malicious files posing as videos through various Telegram channels, groups, and chats. By making them appear as legitimate multimedia files, unsuspecting users are tricked into installing a malicious app that impersonates a multimedia file. This provides initial device access to Android malware, further compromising user security. The discovery and detailed report of the EvilVideo vulnerability by ESET Research underscore the importance of continual vigilance and research in cybersecurity. Users are advised to follow ESET Research for updates on this issue and other threat actors. For more information, check out their latest blog posts and white papers on WeLiveSecurity.com, or subscribe to their podcast on Spotify, Apple Podcasts, or PodBean.