A group of researchers at ESET claimed to have discovered an issue in the Telegram app for Android users.
According to the group of researchers, Telegram poses a threat from a fraudulent activity named ‘zero-day.’ This threat is believed to allow fraudsters to share harmful files that look quite similar to regular videos. As soon as you click on the video, the harmful file automatically gets downloaded to your device. This eventually creates issues in your Android phones.
Decoding ‘zero-day’
The researchers explained that the exploit was found being sold on a secret online forum in June 2024. ESET researcher Lukas Stefanko and his team said that they found this exploit while looking through secret online forums. They saw a seller showing pictures and a video of how the exploit works in a public Telegram channel. ESET then found this channel and got hold of the harmful file to test it.
The researcher’s also found out that the fraudulent activity works on older versions of Telegram. To be specific mainly on those before version 10.14.5.But how does the malware works.Given below is how it works:
- The hackers can use this exploit, named “EvilVideo,” to send dangerous files that appear as harmless 30-second videos.
- After that these files are shared in Telegram channels, groups, or private chats.
- Usually when someone receives a video on Telegram, it downloads automatically.
- Furthermore, if a user has this setting turned on, the harmful file gets downloaded as soon as they open the chat.
The safe road ahead
According to sources, ESET had discovered this problem on June 26, 2024, and immediately informed Telegram. However, Telegram did not respond at first. Then again on July 4, ESET reported about the exploit and this time, Telegram responded quickly.
It is believed that Telegram confirmed that they were looking into the issue and plans to initiate safety structures. Furthermore, Telegram fixed the problem by releasing a new version of the app, 10.14.5, on July 11, 2024. This update aims to make sure that users are no longer at risk from this exploit if they update their app.
So, how can you stay safe from the exploit? To stay safe, you should update your Telegram app to the latest version.Telegram further highlighted that it is advised to update the app to the latest version from the Play Store right away. To update your telegram app, you need to do the following step:
- You can head over to Telegram app
- Go to Settings
- Click on the ‘About app’ to check the version running on the device
- Now click on ‘update’, to upgrade the app to the new version when it pops up on the screen.
Follow FE Tech Bytes on Twitter, Instagram, LinkedIn, Facebook.
