A significant security flaw in the Telegram mobile app for Android, identified as EvilVideo, has been exploited to distribute malware camouflaged as video files. This vulnerability, discovered by ESET, was available for sale on an underground forum from June 6, 2024, until it was responsibly disclosed to Telegram on June 26. The flaw was patched in version 10.14.5 of the app, released on July 11.
The Exploit Mechanism
Attackers leveraged Telegram’s API to upload malicious APK files disguised as 30-second videos. Upon attempting to play these videos, users received a warning that prompted them to use an external player, which then led to the installation of the malware-laden APK, labeled “xHamster Premium Mod.” This method bypassed Telegram’s automatic media download feature, posing a significant risk to users.
Impact and Distribution
This exploit only affected the Android version of Telegram, leaving web and Windows clients unaffected. The malicious files were spread through Telegram channels, groups, and individual chats, making them appear as legitimate multimedia content. The extent of the exploit’s usage in real-world attacks remains unclear.
Related Exploits and Malware Trends
In a related development, cybercriminals have been exploiting the popularity of the Telegram-based game “Hamster Kombat.” Fake app stores and GitHub repositories have been promoting malicious versions of the game. One such malware, Ratel, masquerades as the game, requesting notification and SMS access to control infected devices and conceal its activities.
Evolving Threats and Protections
The discovery of BadPack, a technique to obscure malicious APK files, highlights the ongoing evolution of threats targeting Android devices. This method modifies the ZIP archive headers to evade static analysis, complicating the detection of malicious files. Recent reports have linked BadPack to various banking Trojans, emphasizing the need for robust cybersecurity measures.
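Two of the patterns described above can be checked mechanically on the receiving side: a file delivered as a "video" whose bytes are really an Android package (the EvilVideo lure), and a ZIP whose local file headers disagree with its central directory (the header-tampering trick attributed to BadPack). The following is an added example written for this page, not code from ESET, Telegram or any of the projects mentioned; the specific fields it compares (compression method, CRC, sizes, name) are an assumption about how such tampering shows up, and the APK-shaped and MP4 fixtures are constructed inline purely to exercise the checks.

```python
"""Defensive triage for Telegram-style attachments (added example, not the article's code).

1. sniff_container / is_android_package / classify_attachment: trust magic bytes and
   archive contents, not the declared MIME type or the 'video' presentation.
2. find_header_mismatches: Android's runtime reads the ZIP central directory; a static
   scanner that trusts the local file header can be steered to a wrong compression
   method or size. Flag every entry where the two disagree (assumed BadPack-style tampering).
"""
import io
import struct
import zipfile

# PKZIP local file header: sig, version, flags, method, time, date, crc, csize, usize, nlen, xlen
LOCAL_HEADER_FMT = "<4sHHHHHIIIHH"
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER_FMT)  # 30 bytes
ZIP_LOCAL_SIG = b"PK\x03\x04"


def sniff_container(data: bytes) -> str:
    """Identify the container from its magic bytes instead of the declared type."""
    if data[:4] == ZIP_LOCAL_SIG:
        return "zip"
    if len(data) >= 12 and data[4:8] == b"ftyp":  # ISO BMFF / MP4 'ftyp' box
        return "mp4"
    return "unknown"


def is_android_package(data: bytes) -> bool:
    """A ZIP carrying a manifest plus Dalvik bytecode is an APK, whatever its filename says."""
    if sniff_container(data) != "zip":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    has_dex = any(n.startswith("classes") and n.endswith(".dex") for n in names)
    return "AndroidManifest.xml" in names and has_dex


def classify_attachment(declared_mime: str, data: bytes) -> str:
    """Policy decision for an attachment: 'block', 'review' or 'allow'."""
    if declared_mime.startswith("video/"):
        if is_android_package(data):
            return "block: declared video but payload is an Android package"
        if sniff_container(data) != "mp4":
            return "review: declared video but container is " + sniff_container(data)
    return "allow"


def find_header_mismatches(data: bytes) -> list:
    """Compare each central-directory entry with the local header it points to."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            raw = data[off:off + LOCAL_HEADER_LEN]
            if len(raw) < LOCAL_HEADER_LEN:
                findings.append(f"{info.filename}: truncated local header")
                continue
            sig, _ver, flags, method, _t, _d, crc, csize, usize, nlen, _xlen = struct.unpack(LOCAL_HEADER_FMT, raw)
            if sig != ZIP_LOCAL_SIG:
                findings.append(f"{info.filename}: bad local header signature")
                continue
            if method != info.compress_type:
                findings.append(f"{info.filename}: method {method} (local) != {info.compress_type} (central)")
            if not flags & 0x08:  # bit 3 set means CRC/sizes live in a trailing data descriptor
                if csize != info.compress_size or usize != info.file_size:
                    findings.append(f"{info.filename}: sizes {csize}/{usize} (local) != "
                                    f"{info.compress_size}/{info.file_size} (central)")
                if crc != info.CRC:
                    findings.append(f"{info.filename}: CRC mismatch between local and central headers")
            enc = "utf-8" if flags & 0x800 else "cp437"
            local_name = data[off + LOCAL_HEADER_LEN:off + LOCAL_HEADER_LEN + nlen]
            if local_name != info.filename.encode(enc):
                findings.append(f"{info.filename}: name in local header differs from central directory")
    return findings


def build_samples():
    """Constructed fixtures: a minimal APK-shaped ZIP, a header-tampered copy, an MP4 stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
    clean = buf.getvalue()
    # Tampered copy: set the local header's compression method for classes.dex to 0
    # (stored) while the central directory still records 8 (deflate).
    tampered = bytearray(clean)
    with zipfile.ZipFile(io.BytesIO(clean)) as zf:
        off = zf.getinfo("classes.dex").header_offset
    struct.pack_into("<H", tampered, off + 8, 0)
    # Smallest plausible MP4: a 20-byte 'ftyp' box.
    mp4 = struct.pack(">I", 20) + b"ftypisom" + b"\0\0\x02\0" + b"isom"
    return clean, bytes(tampered), mp4


if __name__ == "__main__":
    clean, tampered, mp4 = build_samples()
    print(classify_attachment("video/mp4", clean))
    print(classify_attachment("video/mp4", mp4))
    print(find_header_mismatches(tampered))
```

Run as a script it prints the verdict for the APK-shaped file posing as `video/mp4`, the verdict for the genuine MP4 stub, and the single header mismatch on the tampered copy. In a real gateway the same two checks run on the downloaded bytes before any "open with external player" prompt is honoured.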
Conclusion
The EvilVideo flaw underscores the critical need for vigilance in app security, particularly for widely used platforms like Telegram. Users are urged to update their apps regularly and be cautious of unsolicited multimedia files, while developers must prioritize rapid response to vulnerabilities to safeguard user data and device integrity.