A dangerous Telegram zero-day could have left users open to attack via video

Cybersecurity researchers from ESET have warned of a recently-discovered vulnerability in the Android version of the popular instant messaging application Telegram.

The vulnerability allowed threat actors to deploy malware on the vulnerable devices, and apparently – it was being actively exploited for weeks.

A threat actor called Ancryno took to a Russian-speaking underground forum in early June 2024, to sell a zero-day exploit for Telegram versions 10.14.4 and older. This drew the attention of ESET’s experts, and when a proof-of-concept (PoC) was published, they picked up the malicious payload, analyzed it, and confirmed that it works.

Fake prompts

The vulnerability allowed threat actors to create malicious .APK files (Android installation packages) which, to the recipient, look like a video message. Since Telegram automatically downloads all multimedia, all the victim needs to do is open up the chat window to receive the payload.

Users who disabled the automatic download of multimedia files need to tap on the received message once to trigger the download.

This leaves the problem of actually running the file, since the APK still needs to be installed. The hackers partially solved it by displaying a fake prompt that the video needs to be played in an external player. Accepting this prompt triggers another one which says that Telegram is barred from installing APK files. If the victim ignores all of these red flags, they will end up with the installed malware.

Further analyzing the threat actor’s infrastructure, ESET found two malicious payloads hosted online, one that pretends to be Avast Antivirus, and a fake “premium mod” for xHamster (a website with adult content).

The researchers reported their findings to Telegram’s developers, which came back with a patch on July 11. In its writeup, BleepingComputer points that the flaw was running wild for at least five weeks, giving crooks plenty of time to target Telegram users.

The earliest patched version is v10.14.5. Telegram’s desktop app was never vulnerable.

Via BleepingComputer

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/DWxSjaLMMxC27XHQ5jrJJX-1200-80.jpg

Source link

Celebrate Apple’s 50th birthday with these deals on watches and AirPods

ChatGPT comes to Apple CarPlay but only if you are willing to talk to a robot

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

What Is Birthright Citizenship? A Closer Look at the 14th Amendment – Hollywood Life

‘The Masked Singer’ Crowns Winner: Galaxy Girl Unmasked

What the Cameras Didn’t See (Exclusive)

Vir Das Sets Found-Footage Horror Film ‘Baara Number’

Hopes dim for swift end to Iran war after Trump speech, oil prices surge anew

Asia stocks dip as Trump flags Iran war escalation; S.Korea leads losses

Indonesia earthquake damages buildings, but tsunami alerts have been lifted

IBM partners with Arm to develop dual-architecture hardware

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

A dangerous Telegram zero-day could have left users open to attack via video

What Is Birthright Citizenship? A Closer Look at the 14th Amendment – Hollywood Life

Hopes dim for swift end to Iran war after Trump speech, oil prices surge anew

‘The Masked Singer’ Crowns Winner: Galaxy Girl Unmasked

Asia stocks dip as Trump flags Iran war escalation; S.Korea leads losses