How hackers exploited a Telegram weakness to send malware file via chat
The Hindu
A report found a weakness in the Telegram app which was then exploited by hackers to send malicious files via chat.
A critical security flaw in the encrypted messaging app Telegram was reportedly exploited by attackers to spread malicious files as harmless-looking videos. Called EvilVideo, the flaw was found in the mobile app for Android and allowed malicious actors to embed malware within videos. The exploit appeared for sale on an underground forum on June 6, 2024, according to ESET’s research team, after which the app disclosed it on June 26. The issue was finally addressed by Telegram in version 10.14.5 released on July 11.
Attackers were able to hide a malicious APK file in a 30-second clip which when clicked on showed a warning saying that the video couldn’t be played and urged them to play it on an external player. When they proceed, users will be asked to okay an installation of an APK file called ‘xHamster Premium Mod,’ through Telegram.
Security researcher Lukas Stefanko explained in a blog that attackers used Telegram’s API to make the payload and that by default media received via Telegram download automatically. So, users will find the malicious payload downloaded as soon as they open the conversation.
While there’s still no news around the culprits of the attack, it is known that the same actor advertised a fully undetectable Android crypter that can reportedly bypass Google Play Protect.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
A spokesperson for the app responded to the ESET report saying the exploit wasn’t a vulnerability on Telegram since it would require users to manually open the video and install the app. They noted that they had received a report about the exploit on July 5 and deployed a server-fix on July 9 on all versions.
A couple of days ago, the company’s founder Pavel Durov said that they’ve touched 950 million active users and aims to cross the 1 billion mark this year. Telegram also plans to launch an app store and an in-app browser with support for Web3 pages later this month.
A series of events in Chennai would bring various stakeholders working in the waste management sector to invest in revenue-generating projects where women could be upskilled and made part of the circular economy
Andhra Pradesh mandates bi-monthly e-waste collection drives to enhance recycling and reduce environmental risks from hazardous electronics.
Experience the vibrant art and cultural dialogue at Aspinwall House during the Kochi-Muziris Biennale, showcasing diverse artistic expressions.
Three killed in Bapatla district as a truck carrying coconuts plunges into a canal; investigation underway.
Ipseity Diagnostics partners with Vignan University to enhance molecular research and diagnostic solutions in Andhra Pradesh.
‘Value-based education is the need of the hour’
Civil society group urges Karnataka government for broader consultation on the controversial Hate Speech Bill.
Sudha Murty to be the chief guest at Andhra University's alumni meet on December 13, focusing on women empowerment.
Join authors Manu Pillai, Neha Dixit, and Arundhati Ghosh for insightful discussions on feminism, history, and polyamory at Lit For Life.
Urvashi Cinema faces potential closure due to ongoing land litigation, threatening its 50-year legacy in Bengaluru's film scene.
Labour Ministry clarifies that PF contributions above ₹15,000 are voluntary under the new Code on Social Security.
Shorts News:Watch: BJP government influencing judiciary, only left unity can defeat them: CPI(M) TN Secy P. Shanmugam
Declaration of the local body polls results will be done on December 13