Загрузка видео...

Не удалось загрузить видео

Возникла проблема при загрузке этого видео. Это может быть связано с временными проблемами сети или видео может быть недоступно.

На главную

Exploiting the #EvilVideo vulnerability on Telegram We discovered a 0-day Telegram for Android exploit that allows sending malicious apps disguised as videos ESET Research ESET

Lukas Stefanko

24,289 subscribers

55,814 просмотров • 1 год назад •via X (Twitter)

Наука и технологии Новости и политика Здоровье и велнес #EvilVideo

Anya Rossi• Live Now

Private livecam show

Комментарии: 5

Фото профиля Lukas Stefanko

Lukas Stefanko1 год назад

@ESET We found the EvilVideo exploit being advertised for sale on an underground forum since Jun 6, 2024. Price wasn't included.

Фото профиля Lukas Stefanko

Lukas Stefanko1 год назад

@ESET The exploit rely on the threat actor being able to create a payload that displays an Android app as a video and not as a binary attachment. Once shared in chat, the malicious payload appears as a 30-second video

Фото профиля Lukas Stefanko

Lukas Stefanko1 год назад

@ESET If user tries to play the “video”, Telegram displays a message that it is unable to play it and suggests using an external player. If the user taps the Open button, payload will request to install a malicious app disguised as the external player.

Фото профиля Lukas Stefanko

Lukas Stefanko1 год назад

@ESET Report timeline [06-06-2024] EvilVideo advertised for sale on an underground forum [26-06-2024] Reported to Telegram [11-07-2024] Fixed (v10.14.5)

Фото профиля Oak Investor

Oak Investor1 год назад

@ESETresearch @ESET @telegram @jbfxdotme

Похожие видео

$🔥 ESET fixed CVE-2024-7400 found by our researcher Dmitriy Zuzlov! This is an LPE that affects 13 ESET solutions and allows a low-privileged attacker to delete arbitrary files, which can be used to obtain NT AUTHORITY\SYSTEM privileges! The advisory 👉$

🔥 ESET fixed CVE-2024-7400 found by our researcher Dmitriy Zuzlov! This is an LPE that affects 13 ESET solutions and allows a low-privileged attacker to delete arbitrary files, which can be used to obtain NT AUTHORITY\SYSTEM privileges! The advisory 👉

PT SWARM

15,359 просмотров • 1 год назад

Les messageries chiffrées sont-elles 100 % fiables ? Benoit Grünemwald (ESET France) #Cybersecurité #Signalgate #Telegram #faille #MondeNumerique Interview complète ici 👉

Les messageries chiffrées sont-elles 100 % fiables ? Benoit Grünemwald (ESET France) #Cybersecurité #Signalgate #Telegram #faille #MondeNumerique Interview complète ici 👉

Jerome Colombain | Monde Numérique

102,270 просмотров • 1 год назад

Unforgettable memories from last weekend with Dr. Brian May at BRIDGE FROM THE FUTURE. Thank you to ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science

Unforgettable memories from last weekend with Dr. Brian May at BRIDGE FROM THE FUTURE. Thank you to ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science

Jean-Michel Jarre

11,382 просмотров • 2 лет назад

BREAKING NEWS 🗣️‼️ ESET NRG Shock

BREAKING NEWS 🗣️‼️ ESET NRG Shock

Overkill Gaming

77,317 просмотров • 3 лет назад

Who’s gonna take home this ESET Gaming PC?

Who’s gonna take home this ESET Gaming PC?

Overkill Gaming

100,906 просмотров • 3 лет назад

Flying drone rocking with Dr. Brian May and me. Thank you ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science #jeanmicheljarre #brianmay

Flying drone rocking with Dr. Brian May and me. Thank you ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science #jeanmicheljarre #brianmay

Jean-Michel Jarre

28,404 просмотров • 2 лет назад

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Mobile Hacker

129,652 просмотров • 2 лет назад

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Mobile Hacker

143,609 просмотров • 2 лет назад

This is a HUGE PC Giveaway! Thanks to ESET 💪 Enter here

This is a HUGE PC Giveaway! Thanks to ESET 💪 Enter here

Overkill Gaming

285,753 просмотров • 3 лет назад

Follow the guide Go to ESET homepage using your browser and follow this steps

Follow the guide Go to ESET homepage using your browser and follow this steps

Justknight🥷🏿

14,590 просмотров • 1 год назад

ESET ASKERLERİ TARAFINDAN AHIR YAPILAN CAMİ ÖZGÜRLÜĞE KAVUŞTU…

ESET ASKERLERİ TARAFINDAN AHIR YAPILAN CAMİ ÖZGÜRLÜĞE KAVUŞTU…

İbrahim Melih Gökçek

41,331 просмотров • 1 год назад

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:

International Cyber Digest

77,014 просмотров • 9 месяцев назад

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

CertiK

341,467 просмотров • 2 лет назад

Thanks to ESET we built something Crazy! A Terrarium Gaming PC with a live Chameleon. AND to celebrate we’re giving away another PC here!

Thanks to ESET we built something Crazy! A Terrarium Gaming PC with a live Chameleon. AND to celebrate we’re giving away another PC here!

Overkill Gaming

102,764 просмотров • 3 лет назад

This NRG Shock and ESET Gaming Setup can be yours! 💪

This NRG Shock and ESET Gaming Setup can be yours! 💪

Overkill Gaming

463,750 просмотров • 3 лет назад

Love to see you out helping the community, Alex Scott ❤️ #afcb x ESET 🤝

Love to see you out helping the community, Alex Scott ❤️ #afcb x ESET 🤝

AFC Bournemouth 🍒

12,200 просмотров • 1 год назад

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

Mobile Hacker

55,009 просмотров • 8 месяцев назад

I had a lot of fun working on this research! * Unauthenticated RCE? ✅ * Overlooked attack vector in Kubernetes? ✅ * Nginx quirks? ✅ * Stable & reliable exploit? ✅ Check out the thread for details about the vulnerability we found in Ingress Nginx Controller 👇

I had a lot of fun working on this research! * Unauthenticated RCE? ✅ * Overlooked attack vector in Kubernetes? ✅ * Nginx quirks? ✅ * Stable & reliable exploit? ✅ Check out the thread for details about the vulnerability we found in Ingress Nginx Controller 👇

sagitz

13,720 просмотров • 1 год назад

What do 2 hackers do when they are losing with aimbot/wallhack/speedhack? State of EU SMITE Rama & Eset the hackers

What do 2 hackers do when they are losing with aimbot/wallhack/speedhack? State of EU SMITE Rama & Eset the hackers

Adapting

22,398 просмотров • 2 лет назад

ÖZGÜR ÖZEL HAPİSANELERDE ÖLDÜRÜLEN YÜZBİNLERCE ZAVALLI İÇİN ESET PİÇİNE BİRŞEYLER SÖYLEMEYİ DE DÜŞÜNDÜN MÜ?

ÖZGÜR ÖZEL HAPİSANELERDE ÖLDÜRÜLEN YÜZBİNLERCE ZAVALLI İÇİN ESET PİÇİNE BİRŞEYLER SÖYLEMEYİ DE DÜŞÜNDÜN MÜ?

İbrahim Melih Gökçek

26,062 просмотров • 1 год назад