Loading video...

Video Failed to Load

Go Home

Exploiting the #EvilVideo vulnerability on Telegram We discovered a 0-day Telegram for Android exploit that allows sending malicious apps disguised as videos ESET Research ESET

LukasStefanko's profile picture

Lukas Stefanko

24,274 subscribers

55,818 views • 1 year ago •via X (Twitter)

Science & TechnologyNews & PoliticsHealth & Wellness#EvilVideo
LIVE

Anya Rossi• Live Now

Private livecam show

5 Comments

Lukas Stefanko's profile picture
Lukas Stefanko1 year ago

@ESET We found the EvilVideo exploit being advertised for sale on an underground forum since Jun 6, 2024. Price wasn't included.

Lukas Stefanko's profile picture
Lukas Stefanko1 year ago

@ESET The exploit rely on the threat actor being able to create a payload that displays an Android app as a video and not as a binary attachment. Once shared in chat, the malicious payload appears as a 30-second video

Lukas Stefanko's profile picture
Lukas Stefanko1 year ago

@ESET If user tries to play the “video”, Telegram displays a message that it is unable to play it and suggests using an external player. If the user taps the Open button, payload will request to install a malicious app disguised as the external player.

Lukas Stefanko's profile picture
Lukas Stefanko1 year ago

@ESET Report timeline [06-06-2024] EvilVideo advertised for sale on an underground forum [26-06-2024] Reported to Telegram [11-07-2024] Fixed (v10.14.5)

Oak Investor's profile picture
Oak Investor1 year ago

@ESETresearch @ESET @telegram @jbfxdotme

Related Videos

🔥 ESET fixed CVE-2024-7400 found by our researcher Dmitriy Zuzlov! This is an LPE that affects 13 ESET solutions and allows a low-privileged attacker to delete arbitrary files, which can be used to obtain NT AUTHORITY\SYSTEM privileges! The advisory 👉
0:24

🔥 ESET fixed CVE-2024-7400 found by our researcher Dmitriy Zuzlov! This is an LPE that affects 13 ESET solutions and allows a low-privileged attacker to delete arbitrary files, which can be used to obtain NT AUTHORITY\SYSTEM privileges! The advisory 👉

PT SWARM

15,359 views • 1 year ago

Les messageries chiffrées sont-elles 100 % fiables ? Benoit Grünemwald (ESET France) #Cybersecurité #Signalgate #Telegram #faille #MondeNumerique Interview complète ici 👉
1:00

Les messageries chiffrées sont-elles 100 % fiables ? Benoit Grünemwald (ESET France) #Cybersecurité #Signalgate #Telegram #faille #MondeNumerique Interview complète ici 👉

Jerome Colombain | Monde Numérique

102,270 views • 1 year ago

BREAKING NEWS 🗣️‼️ ESET NRG Shock
0:41

BREAKING NEWS 🗣️‼️ ESET NRG Shock

Overkill Gaming

77,317 views • 3 years ago

Who’s gonna take home this ESET Gaming PC?
0:50

Who’s gonna take home this ESET Gaming PC?

Overkill Gaming

100,906 views • 3 years ago

Flying drone rocking with Dr. Brian May and me. Thank you ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science #jeanmicheljarre #brianmay
0:32

Flying drone rocking with Dr. Brian May and me. Thank you ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science #jeanmicheljarre #brianmay

Jean-Michel Jarre

28,404 views • 2 years ago

Unforgettable memories from last weekend with Dr. Brian May at BRIDGE FROM THE FUTURE. Thank you to ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science
0:40

Unforgettable memories from last weekend with Dr. Brian May at BRIDGE FROM THE FUTURE. Thank you to ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science

Jean-Michel Jarre

11,382 views • 2 years ago

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter
0:46

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Mobile Hacker

129,652 views • 2 years ago

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability
1:47

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Mobile Hacker

143,609 views • 2 years ago

This is a HUGE PC Giveaway! Thanks to ESET 💪 Enter here
1:16

This is a HUGE PC Giveaway! Thanks to ESET 💪 Enter here

Overkill Gaming

285,902 views • 3 years ago

Follow the guide Go to ESET homepage using your browser and follow this steps
1:27

Follow the guide Go to ESET homepage using your browser and follow this steps

Justknight🥷🏿

14,590 views • 1 year ago

ESET ASKERLERİ TARAFINDAN AHIR YAPILAN CAMİ ÖZGÜRLÜĞE KAVUŞTU…
0:47

ESET ASKERLERİ TARAFINDAN AHIR YAPILAN CAMİ ÖZGÜRLÜĞE KAVUŞTU…

İbrahim Melih Gökçek

41,331 views • 1 year ago

This NRG Shock and ESET Gaming Setup can be yours! 💪
1:00

This NRG Shock and ESET Gaming Setup can be yours! 💪

Overkill Gaming

463,903 views • 3 years ago

Thanks to ESET we built something Crazy! A Terrarium Gaming PC with a live Chameleon. AND to celebrate we’re giving away another PC here!
2:19

Thanks to ESET we built something Crazy! A Terrarium Gaming PC with a live Chameleon. AND to celebrate we’re giving away another PC here!

Overkill Gaming

102,764 views • 3 years ago

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:
0:53

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:

International Cyber Digest

77,014 views • 10 months ago

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:
1:09

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

CertiK

341,467 views • 2 years ago

Love to see you out helping the community, Alex Scott ❤️ #afcb x ESET 🤝
2:21

Love to see you out helping the community, Alex Scott ❤️ #afcb x ESET 🤝

AFC Bournemouth 🍒

12,200 views • 1 year ago

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇
0:29

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

Mobile Hacker

55,072 views • 8 months ago

I had a lot of fun working on this research! * Unauthenticated RCE? ✅ * Overlooked attack vector in Kubernetes? ✅ * Nginx quirks? ✅ * Stable & reliable exploit? ✅ Check out the thread for details about the vulnerability we found in Ingress Nginx Controller 👇
0:33

I had a lot of fun working on this research! * Unauthenticated RCE? ✅ * Overlooked attack vector in Kubernetes? ✅ * Nginx quirks? ✅ * Stable & reliable exploit? ✅ Check out the thread for details about the vulnerability we found in Ingress Nginx Controller 👇

sagitz

13,720 views • 1 year ago

ÖZGÜR ÖZEL HAPİSANELERDE ÖLDÜRÜLEN YÜZBİNLERCE ZAVALLI İÇİN ESET PİÇİNE BİRŞEYLER SÖYLEMEYİ DE DÜŞÜNDÜN MÜ?
1:13

ÖZGÜR ÖZEL HAPİSANELERDE ÖLDÜRÜLEN YÜZBİNLERCE ZAVALLI İÇİN ESET PİÇİNE BİRŞEYLER SÖYLEMEYİ DE DÜŞÜNDÜN MÜ?

İbrahim Melih Gökçek

26,062 views • 1 year ago

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)
0:31

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)

NullSecurityX

93,947 views • 2 months ago