Telegram zero-day allowed sending malicious Android APKs as videos
A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.
A threat actor named 'Ancryno' first began selling the Telegram zero-day exploit on June 6, 2024, in a post on the Russian-speaking XSS hacking forum, stating the flaw existed in Telegram v10.14.4 and older.
ESET researchers discovered the flaw after a PoC demonstration was shared on a public Telegram channel, allowing them to obtain the malicious pa...
Read more at bleepingcomputer.com