Attackers exploit “EvilVideo” Telegram zero-day to hide malware

Telegram has fixed a zero-day vulnerability found in older versions of the Android chat and media sharing application that could allow attackers to hide malicious payloads in video files.

Researchers at ESET Research discovered the vulnerability, which they named “EvilVideo,” after finding an advertisement for it on a Russian-language hacker forum on June 6. The vulnerability works in Telegram versions 10.14.4 and earlier.

“The exploit allows attackers to share a malicious Android payload via Telegram channels, groups and chats and display it as a multimedia file,” ESET malware researcher Lukáš Štefanko explained in a post on ESET's WeLiveSecurity blog.

According to ESET, the exploit appears to rely on the threat actor being able to craft a payload that displays an Android app as a multimedia preview rather than a binary attachment: When shared in chat, the malicious payload (whose behavior is unspecified) appears as a 30-second video.

The researchers believe that attackers used the Telegram API to create their specific payload, “as this allows developers to programmatically upload specially crafted multimedia files to Telegram chats and channels,” Štefanko wrote.

ESET immediately reported the vulnerability to Telegram but initially received no response, so the researchers contacted the company again on July 5. Telegram responded to the second contact and published a server-side fix for its Android app, versions 10.14.5 and above, on July 11. Users should update their apps immediately to avoid being compromised.

Exploitation requires user action

By default, media files received by Telegram users are set to download automatically. If a user who has this option enabled receives a media file containing a malicious payload, the download begins as soon as they open the conversation in which the file was shared. The option can be turned off, in which case users download media files manually.

In this exploit, the video appears as a multimedia preview and users must click on it to play it, at which point Telegram displays a message saying it can't be played, suggests using an external player, and gives the user the option to “cancel” or “open” the file. This is a warning specific to Telegram and not specific to the payload, the researchers said.

Once the user taps the “Open” button in the displayed message, a request to install a malicious app disguised as the aforementioned external player will pop up, and the user must approve it to install the malware.

“Interestingly, the fact that the shared file appears to be a video is due to the nature of the vulnerability. The actual malicious app was not modified to disguise itself as a multimedia file, indicating that the upload process was most likely exploited,” Štefanko noted.

ESET tested the exploit on Android as well as the Telegram web client and the Telegram desktop client for Windows, but it did not work on the latter two platforms.
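The mismatch described above, an unmodified Android app presented as a video, is visible to any check that looks at file content instead of the declared type. The following is an added example, not code from ESET or Telegram; the function names, verdict labels and sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

VIDEO_KINDS = {"iso-media", "matroska"}

def sniff_container(data: bytes) -> str:
    """Classify a blob by its content, ignoring file name and declared type."""
    # MP4/MOV/3GP: an 'ftyp' box type sits at offset 4 of the file.
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "iso-media"
    # WebM/Matroska start with the EBML magic number.
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"
    # An APK is a ZIP archive; AndroidManifest.xml at the root marks it as one.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "zip-corrupt"
        return "apk" if "AndroidManifest.xml" in names else "zip"
    return "unknown"

def check_attachment(declared_mime: str, data: bytes) -> dict:
    """Compare what the sender declared with what the bytes are."""
    actual = sniff_container(data)
    if not declared_mime.lower().startswith("video/"):
        verdict = "ok"          # out of scope: nothing claimed to be a video
    elif actual in VIDEO_KINDS:
        verdict = "ok"
    elif actual in {"apk", "zip", "zip-corrupt"}:
        verdict = "block"       # archive or installable app presented as video
    else:
        verdict = "review"      # video claim that content does not back up
    return {"declared": declared_mime, "actual": actual, "verdict": verdict}

def build_sample_apk() -> bytes:
    """Constructed stand-in: a ZIP with APK-shaped entries, no real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()

# Constructed 24-byte 'ftyp' box, enough for content sniffing.
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isommp41"

if __name__ == "__main__":
    print(check_attachment("video/mp4", build_sample_apk()))
    print(check_attachment("video/mp4", SAMPLE_MP4))
```

A check like this fits wherever received files can be inspected before a user opens them, such as a mobile device management agent or a forensic triage script run over a downloads directory.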

The attackers offer other “shady” services

While the researchers acknowledge that the additional step of actually installing the suspect external player makes the attack less likely to succeed, threat actors had plenty of time to exploit the vulnerability, with five weeks between the discovery of the flaw and Telegram's fix. Telegram is a primary vector for cyberattacks, which take many forms: not just attackers hacking accounts or delivering malicious files, but also abuse of the various channels and apps available on the platform.

While ESET has not identified who is behind this exploit, it has discovered another “shady service” offered by the seller based on a Telegram handle shared in a forum post: an Android encryption service advertised as “completely undetectable” and on sale since January 11th.

The researchers posted a list of indicators of compromise (IoCs) for the exploit on ESET's GitHub page. Mobile users are advised not to download messages received from people they don't know onto their devices, especially unsolicited messages.

Sources

1/ https://Google.com/

2/ https://www.darkreading.com/cyberattacks-data-breaches/attackers-exploit-evilvideo-telegram-zero-day-malware
