1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A dangerous Telegram zero-day could have left users open to attac

    From TechnologyDaily@1337:1/100 to All on Tue Jul 23 18:30:05 2024
    A dangerous Telegram zero-day could have left users open to attack via video

    Date:
    Tue, 23 Jul 2024 18:20:06 +0000

    Description:
    Hackers found a way to spread malware via video clips in Telegram.

    FULL STORY ======================================================================

    Cybersecurity researchers from ESET have warned of a recently-discovered vulnerability in the Android version of the popular instant messaging application Telegram.

    The vulnerability allowed threat actors to deploy malware on the vulnerable devices, and apparently - it was being actively exploited for weeks.

    A threat actor called Ancryno took to a Russian-speaking underground forum in early June 2024, to sell a zero-day exploit for Telegram versions 10.14.4 and older. This drew the attention of ESETs experts, and when a proof-of-concept (PoC) was published, they picked up the malicious payload, analyzed it, and confirmed that it works. Fake prompts

    The vulnerability allowed threat actors to create malicious .APK files (Android installation packages) which, to the recipient, look like a video message. Since Telegram automatically downloads all multimedia, all the
    victim needs to do is open up the chat window to receive the payload.

    Users who disabled the automatic download of multimedia files need to tap on the received message once to trigger the download.

    This leaves the problem of actually running the file, since the APK still needs to be installed. The hackers partially solved it by displaying a fake prompt that the video needs to be played in an external player. Accepting
    this prompt triggers another one which says that Telegram is barred from installing APK files. If the victim ignores all of these red flags, they will end up with the installed malware.

    Further analyzing the threat actors infrastructure, ESET found two malicious payloads hosted online, one that pretends to be Avast Antivirus, and a fake premium mod for xHamster (a website with adult content).

    The researchers reported their findings to Telegrams developers, which came back with a patch on July 11. In its writeup, BleepingComputer points that
    the flaw was running wild for at least five weeks, giving crooks plenty of time to target Telegram users.

    The earliest patched version is v10.14.5. Telegrams desktop app was never vulnerable.

    Via BleepingComputer More from TechRadar Pro Telegram had some major
    security vulnerabilities Here's a list of the best malware removal tools around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-dangerous-telegram-zero-day-could-hav e-left-users-open-to-attack-via-video


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)