Socialpost

Complete News World

Beware of a security vulnerability in the Telegram app for Android

Beware of a security vulnerability in the Telegram app for Android

pts20240723007 Research/Development and Technology/Digitalization

Security flaw leaves Android users vulnerable to cyber attacks

Gina (pts007/07/23/2024/08:30)

Along with Whatsapp, Telegram is one of the most popular messaging services in the world: Stolze 900 million users The app is currently showing. In Germany it reached 4th place in 2023. Most popular messengerAs ESET researchers have now discovered, Telegram for Android users were at risk: Lukas Stefanko’s team discovered a vulnerability, that is, a potential unpatched security hole, in the Telegram for Android app. Hackers were able to exploit the vulnerability. ESET researchers have dubbed it “EvilVideo.” EvilVideo allowed attackers to spread malware via Telegram channels, groups, and chats by disguising it as multimedia files. The vulnerability has been closed in the latest version of Telegram (10.14.5).

“We found an exploit that was for sale on an underground forum,” explains Lukáš Štefanko, a researcher at ESET. “In the forum post, the seller shows screenshots and a video of testing the vulnerability in a public Telegram channel. We were able to identify the relevant channel where the exploit was still available. This is how we obtained the criminals’ tools and they were able to use them to investigate the action.”

This is how the Telegram exploit works

This exploit works on Telegram versions 10.14.4 and earlier. The malicious app that ESET researchers found on the forum was likely built using the Telegram API. This allows developers to upload specially crafted multimedia files to Telegram chats or channels. The core of the exploit was the Android app’s ability to display certain media as a preview instead of an attachment: once a hacker shared a malicious message in a chat, it was shared as a preview of a 30-second video.

See also  WhatsApp: New Beta provides information on unique usernames

Once the user tries to play the “video” in the message, Telegram displays a message stating that playback is not possible and suggests using an external player. When the user then clicks on the “Open” button in the message that appears, it prompts them to install an app disguised as the aforementioned external app. This is whatever malicious code the hackers wanted to install on their victims’ devices. To do this, the user would probably have to enable the installation of apps from external sources in Android settings.

Auto-download function plays into the hands of hackers

The automatic media download feature is enabled by default in the Telegram app. This means that users automatically download the malicious code as soon as they open the corresponding conversation. If users deactivate this option, they can only download the malware manually.

The danger was recognized, and the danger was avoided.

ESET reported the EvilVideo vulnerability for Telegram on June 26 and July 4, 2024. The issue was later fixed and Telegram released version 10.14.5 on July 11. The vulnerability affected all versions of the Messenger app for Android up to version 10.14.4.

“Users should definitely make sure their Telegram app is up to date,” Stefanko advises. “However, most Android devices should automatically download and install app updates.”

For more information about EvilVideo, see our blog post “Don't Look at It: EvilVideo Exploit Targets Android Users“On WeLiveSecurity.com.

(end)