ESET research
ESET researchers discuss how they discovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files masquerading as videos
September 17, 2024
•
,
1 min read
Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code. ESET malware researcher Lukáš Štefanko came across one such exploit – which ESET called EvilVideo – being sold on an underground forum and went in to investigate and report it.
Speaking to our podcast host ESET Distinguished Researcher Aryeh Goretsky, Štefanko describes the findings of his analysis, including the fact that the bug only affected the Android version of the app, but not the Windows and iOS versions.
He also explained that in the proof of concept he analyzed, the exploit was bundled with an off-the-shelf spyware called Android/Spy.SpyMax, but which could be swapped for other malware of the attacker’s choice.
To find out how Telegram developers responded when ESET reported the vulnerability, how long it took to fix the issue, how many victims were found, or what users and businesses can do to stay safe, listen to the latest episode of the ESET Research podcast.
For a detailed report on EvilVideo or on the activities of numerous threat actors, follow ESET Research X (formerly known as Twitter) and view our latest blog posts and whitepapers on WeLiveSecurity.com. If you like what you hear, subscribe for more Spotify, Apple podcastsor PodBean.
PS: For those of our listeners attending the 2024 ESET Technology Conference and playing along with our capture the flag game, the flag for the CTF challenge called “Radio Broadcast” is: podcasts_are_new_books.
