
Video-spoofing malware distributed via Telegram for Android zero-day


Hackread reports that Telegram for Android users have been urged to immediately update the instant messaging app following the exploitation of the zero-day flaw dubbed "EvilVideo," which enabled the concealment and distribution of malware in the form of video files.

According to an analysis from ESET, which identified and reported the vulnerability to Telegram in late June, attackers behind the exploit may have leveraged the Telegram API to create a payload masquerading as a 30-second video. When clicked, the video triggers a message suggesting the use of another player, with an "Open" button that facilitates the injection of the malicious app. However, the EvilVideo exploit does not result in a compromise on Telegram Desktop for Windows and Telegram Web. Further analysis revealed another Android cryptor-as-a-service being offered by the EvilVideo actor, who has touted the payload as fully undetectable in hacking forum posts since January.
