ESET Research
Uncovering the Zero-Day Telegram for Android Exploit: The Story of EvilVideo
17 Sep 2024
•
,
1 min. read
Imagine uncovering a zero-day vulnerability in one of the world’s most popular messaging apps – that’s exactly what ESET researcher Lukáš Štefanko did with EvilVideo on Telegram for Android. This exploit, found being sold on an underground forum, allowed attackers to send malicious files disguised as videos. In a recent podcast, Štefanko shared the details of his investigation with ESET Distinguished Researcher Aryeh Goretsky.
The flaw, specific to the Android version of Telegram, presented a significant security risk. The exploit observed was bundled with Android/Spy.SpyMax spyware but could easily be replaced with other malware by cybercriminals.
Discover how ESET researchers reported the vulnerability to Telegram developers, the response timeline, impact on users, and how to stay protected by listening to the full podcast episode.
For more insights on EvilVideo and other threat actor activities, follow ESET Research on X and explore our latest blog posts and white papers on WeLiveSecurity.com. Don’t miss out on future episodes – subscribe on Spotify, Apple Podcasts, or PodBean.
PS: Calling all CTF participants at the 2024 ESET Technology Conference – here’s a hint for the “Radio Broadcast” challenge: podcasts_are_new_books.