ESET Research

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos

17 Sep 2024
 • 
,
1 min. read

Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code. ESET malware researcher Lukáš Štefanko ran into one such exploit – which ESET named EvilVideo – being sold on an underground forum and went in to explore and report it.

In the discussion with our podcast host ESET Distinguished Researcher Aryeh Goretsky, Štefanko describes the findings of his analysis, including the fact that the flaw affected only the Android version of the app but not the versions for Windows and iOS.

He also detailed that in the proof of concept he analyzed, the exploit was bundled with an off-the-shelf spyware called Android/Spy.SpyMax but that could be swapped for any other malware of the attacker’s choice.

If you want to know how Telegram developers reacted to ESET reporting the vulnerability, how long it took to fix, how many victims were found, or what users and companies can do to stay safe, listen to the latest episode of the ESET Research podcast.

For a detailed report on EvilVideo or on the activities of numerous threat actors, follow ESET Research on X (formerly known as Twitter) and check out our latest blogposts and white papers on WeLiveSecurity.com. If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.

PS: For those of our listeners who are attending the 2024 ESET Technology Conference and playing along with our game of capture the flag, the flag for the CTF challenge named “Radio Broadcast” is: podcasts_are_new_books.