ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos
Analysis Summary
The source article announces an ESET Research podcast episode summarizing the discovery and analysis of a zero-day vulnerability in Telegram for Android, codenamed **EvilVideo**. Because the source is a podcast announcement rather than the full technical write-up, detailed remediation steps, a CVE identifier, and PoC complexity are either inferred here or noted as being discussed in the linked content, which is not reproduced on this page.
# Vulnerability: Telegram for Android Zero-Day Exploit (EvilVideo)
## CVE Details
- CVE ID: Not explicitly provided in the summary snippet. *(Likely designated after ESET's responsible disclosure.)*
- CVSS Score: Not explicitly provided in the summary snippet.
- CWE: Not explicitly provided in the summary snippet.
## Affected Systems
- Products: Telegram application
- Versions: Telegram for Android (iOS and Windows versions are noted as unaffected)
- Configurations: Specific conditions not detailed, but related to file handling/video processing within the application.
## Vulnerability Description
The vulnerability, named **EvilVideo**, is a zero-day exploit affecting the Android version of the Telegram application. It allows an attacker to send malicious files disguised as videos. Successful exploitation likely allows the delivery and potential execution of arbitrary malware (the analyzed PoC used Android/Spy.SpyMax spyware).
## Exploitation
- Status: Zero-day exploit observed being **sold on an underground forum**.
- Complexity: Not specified. Zero-day exploits offered for sale on underground markets generally suggest some development effort, though ESET's analysis of the PoC is available.
- Attack Vector: Likely **Network** (via sending a message/file over the chat service).
## Impact
The impact is severe as it leverages a major messaging platform to distribute malware.
- Confidentiality: High (if spyware is executed)
- Integrity: High (if arbitrary code execution/malware is installed)
- Availability: Medium to High (depending on the payload)
## Remediation
### Patches
- Information on the specific patch version or release timeline is **discussed in the linked podcast/detailed report**, not fully present here. Users should check official Telegram security advisories for fixes related to this zero-day.
### Workarounds
- Users are advised to **listen to the podcast** for specific guidance on staying safe. General mitigation advice would include updating the application immediately upon patch release.
## Detection
- Detection methods are likely detailed in the full ESET report referenced.
- Indicators of compromise would be tied to the execution of the payload (e.g., unusual network activity from the Telegram app process).
## References
- ESET Research Finding: hxxps://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/