Cybersecurity researchers at ESET have discovered a critical vulnerability in the Telegram app for Android phones. The vulnerability, called a “zero-day exploit,” allows hackers to send malicious files that look like normal videos through Telegram chats. The exploit was found being sold on a secret online forum in June 2024.

This is how it works: Hackers can use this exploit called “EvilVideo” to send dangerous files that appear as harmless 30-second videos. These files are shared in Telegram channels, groups, or private chats. Normally, when a person receives a video on Telegram, it gets downloaded automatically. So, if a user has this setting turned on, the harmful file gets downloaded as soon as the chat is opened.

ESET researcher Lukas Stefanko and his team discovered this exploit while searching secret online forums. They also saw a vendor showing pictures and videos of how the exploit works in a public Telegram channel. ESET then found this channel and took possession of the harmful file to test it.

Their tests showed that this exploit works on older versions of Telegram, specifically those before version 10.14.5. It seems that hackers used the Telegram API, a tool that developers use to create and upload content to Telegram, to make these harmful files look like videos instead of regular app files. When a person tries to play the “video”, Telegram says it cannot play the video and suggests using another app. If the user agrees, he is tricked into installing a harmful app.

ESET discovered the issue on June 26, 2024, and immediately notified Telegram. However, there was no response at first. ESET reported it again on July 4 and this time, Telegram responded immediately, confirming that they were looking into it. Telegram fixed the issue by releasing a new version of the app, 10.14.5, on July 11, 2024. This update ensures that users are no longer at risk of this exploit if they update their app.

To stay safe, users should update their Telegram app to the latest version. For more detailed information, ESET has posted a blog titled “Cursed Tape: Exploiting the EvilVideo vulnerability in Telegram for Android” on its website WeLiveSecurity.com. Additionally, users can follow ESET Research on Twitter (now called X) for the latest updates.

In short, this exploit was a serious threat as it could lead people to download harmful files by opening the chat. But due to ESET’s quick action and Telegram’s response, the issue has been fixed in the latest app update. Make sure to keep your apps updated to stay safe from such threats.