About the “EvilVideo” vulnerability in Telegram for Android. The post was published on the ESET blog. They stated that the exploit is for sale on the Dark Net.
🔻 The attacker creates a payload, which is displayed in Telegram for Android not as a file, but as a video preview. By default, media files in Telegram are downloaded automatically when the user sees a message in a chat. This payload will also be downloaded automatically as well.
If the user clicks on the preview, he sees a Telegram error asking him to use an external media player.
If the user agrees, an attempt is made to install the APK.
If the user allows the installation of APK from Telegram and clicks on the preview again, a window appears to confirm the installation of the application.
If the user presses “install”, the malware installs. 👾
🎞 There is a video demo.
🔻 Fixed in 10.14.5, older versions are vulnerable.
This is far from 0click, but with good social engineering, the efficiency can be high.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.