Video yükleniyor...

Video Yüklenemedi

Bu video yüklenirken bir sorun oluştu. Bu geçici bir ağ sorunundan kaynaklanıyor olabilir veya video kullanılamıyor olabilir.

Ana Sayfaya Dön

Exploiting the #EvilVideo vulnerability on Telegram We discovered a 0-day Telegram for Android exploit that allows sending malicious apps disguised as videos ESET Research ESET

Lukas Stefanko

24,289 subscribers

55,814 görüntüleme • 1 yıl önce •via X (Twitter)

Bilim & Teknoloji Haberler & Politika Sağlık & İyilik #EvilVideo

Anya Rossi• Live Now

Private livecam show

5 Yorum

Lukas Stefanko profil fotoğrafı

Lukas Stefanko1 yıl önce

@ESET We found the EvilVideo exploit being advertised for sale on an underground forum since Jun 6, 2024. Price wasn't included.

Lukas Stefanko profil fotoğrafı

Lukas Stefanko1 yıl önce

@ESET The exploit rely on the threat actor being able to create a payload that displays an Android app as a video and not as a binary attachment. Once shared in chat, the malicious payload appears as a 30-second video

Lukas Stefanko profil fotoğrafı

Lukas Stefanko1 yıl önce

@ESET If user tries to play the “video”, Telegram displays a message that it is unable to play it and suggests using an external player. If the user taps the Open button, payload will request to install a malicious app disguised as the external player.

Lukas Stefanko profil fotoğrafı

Lukas Stefanko1 yıl önce

@ESET Report timeline [06-06-2024] EvilVideo advertised for sale on an underground forum [26-06-2024] Reported to Telegram [11-07-2024] Fixed (v10.14.5)

Oak Investor profil fotoğrafı

Oak Investor1 yıl önce

@ESETresearch @ESET @telegram @jbfxdotme

Benzer Videolar

$🔥 ESET fixed CVE-2024-7400 found by our researcher Dmitriy Zuzlov! This is an LPE that affects 13 ESET solutions and allows a low-privileged attacker to delete arbitrary files, which can be used to obtain NT AUTHORITY\SYSTEM privileges! The advisory 👉$

🔥 ESET fixed CVE-2024-7400 found by our researcher Dmitriy Zuzlov! This is an LPE that affects 13 ESET solutions and allows a low-privileged attacker to delete arbitrary files, which can be used to obtain NT AUTHORITY\SYSTEM privileges! The advisory 👉

PT SWARM

15,359 görüntüleme • 1 yıl önce

Les messageries chiffrées sont-elles 100 % fiables ? Benoit Grünemwald (ESET France) #Cybersecurité #Signalgate #Telegram #faille #MondeNumerique Interview complète ici 👉

Les messageries chiffrées sont-elles 100 % fiables ? Benoit Grünemwald (ESET France) #Cybersecurité #Signalgate #Telegram #faille #MondeNumerique Interview complète ici 👉

Jerome Colombain | Monde Numérique

102,270 görüntüleme • 1 yıl önce

Who’s gonna take home this ESET Gaming PC?

Who’s gonna take home this ESET Gaming PC?

Overkill Gaming

100,906 görüntüleme • 3 yıl önce

BREAKING NEWS 🗣️‼️ ESET NRG Shock

BREAKING NEWS 🗣️‼️ ESET NRG Shock

Overkill Gaming

77,317 görüntüleme • 3 yıl önce

Unforgettable memories from last weekend with Dr. Brian May at BRIDGE FROM THE FUTURE. Thank you to ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science

Unforgettable memories from last weekend with Dr. Brian May at BRIDGE FROM THE FUTURE. Thank you to ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science

Jean-Michel Jarre

11,382 görüntüleme • 2 yıl önce

Flying drone rocking with Dr. Brian May and me. Thank you ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science #jeanmicheljarre #brianmay

Flying drone rocking with Dr. Brian May and me. Thank you ESET and Starmus #Starmus #StarmusVII #StarmusEarth #StarmusFestival2024 #Bratislava #Slovakia #ESET #DigitalSecurity #BridgefromtheFuture #music #science #jeanmicheljarre #brianmay

Jean-Michel Jarre

28,404 görüntüleme • 2 yıl önce

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Mobile Hacker

129,652 görüntüleme • 2 yıl önce

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Mobile Hacker

143,609 görüntüleme • 2 yıl önce

This is a HUGE PC Giveaway! Thanks to ESET 💪 Enter here

This is a HUGE PC Giveaway! Thanks to ESET 💪 Enter here

Overkill Gaming

285,645 görüntüleme • 3 yıl önce

Follow the guide Go to ESET homepage using your browser and follow this steps

Follow the guide Go to ESET homepage using your browser and follow this steps

Justknight🥷🏿

14,590 görüntüleme • 1 yıl önce

ESET ASKERLERİ TARAFINDAN AHIR YAPILAN CAMİ ÖZGÜRLÜĞE KAVUŞTU…

ESET ASKERLERİ TARAFINDAN AHIR YAPILAN CAMİ ÖZGÜRLÜĞE KAVUŞTU…

İbrahim Melih Gökçek

41,331 görüntüleme • 1 yıl önce

This NRG Shock and ESET Gaming Setup can be yours! 💪

This NRG Shock and ESET Gaming Setup can be yours! 💪

Overkill Gaming

463,634 görüntüleme • 3 yıl önce

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest security mitigations.” Price: 25k POC:

International Cyber Digest

77,014 görüntüleme • 9 ay önce

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

CertiK

341,467 görüntüleme • 2 yıl önce

Thanks to ESET we built something Crazy! A Terrarium Gaming PC with a live Chameleon. AND to celebrate we’re giving away another PC here!

Thanks to ESET we built something Crazy! A Terrarium Gaming PC with a live Chameleon. AND to celebrate we’re giving away another PC here!

Overkill Gaming

102,764 görüntüleme • 3 yıl önce

Love to see you out helping the community, Alex Scott ❤️ #afcb x ESET 🤝

Love to see you out helping the community, Alex Scott ❤️ #afcb x ESET 🤝

AFC Bournemouth 🍒

12,200 görüntüleme • 1 yıl önce

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

Mobile Hacker

55,009 görüntüleme • 8 ay önce

I had a lot of fun working on this research! * Unauthenticated RCE? ✅ * Overlooked attack vector in Kubernetes? ✅ * Nginx quirks? ✅ * Stable & reliable exploit? ✅ Check out the thread for details about the vulnerability we found in Ingress Nginx Controller 👇

I had a lot of fun working on this research! * Unauthenticated RCE? ✅ * Overlooked attack vector in Kubernetes? ✅ * Nginx quirks? ✅ * Stable & reliable exploit? ✅ Check out the thread for details about the vulnerability we found in Ingress Nginx Controller 👇

sagitz

13,720 görüntüleme • 1 yıl önce

ÖZGÜR ÖZEL HAPİSANELERDE ÖLDÜRÜLEN YÜZBİNLERCE ZAVALLI İÇİN ESET PİÇİNE BİRŞEYLER SÖYLEMEYİ DE DÜŞÜNDÜN MÜ?

ÖZGÜR ÖZEL HAPİSANELERDE ÖLDÜRÜLEN YÜZBİNLERCE ZAVALLI İÇİN ESET PİÇİNE BİRŞEYLER SÖYLEMEYİ DE DÜŞÜNDÜN MÜ?

İbrahim Melih Gökçek

26,062 görüntüleme • 1 yıl önce

What do 2 hackers do when they are losing with aimbot/wallhack/speedhack? State of EU SMITE Rama & Eset the hackers

What do 2 hackers do when they are losing with aimbot/wallhack/speedhack? State of EU SMITE Rama & Eset the hackers

Adapting

22,398 görüntüleme • 2 yıl önce