Check your Telegram version: you can be hacked just by sending a video
If this version is equal to or higher than the 10.14.5 version we have already mentioned, we have nothing to worry about.
Telegram is the second most used instant messaging platform in the world, just behind WhatsApp. This app will allow us to communicate with others in a much more private way than with the Meta platform. However, as with any other program, or platform, it is not a tool that is free of errors and problems. And the latest one that they have just fixed allowed, no more and no less, to hack any Android smartphone just by sending a video through a chat.
A few hours ago, one of the most serious flaws ever recorded for this program was revealed. This 0-day vulnerability, called “EvilVideo,” allowed any attacker to create malicious files, disguised as videos, with which to infect any smartphone remotely, just by the recipient trying to play the video.
Although it is not known whether the flaw has been exploited on a massive scale on the Internet, it first appeared for sale on a Deep Web forum on June 6 of this year. It was not until June 26 that the vulnerability was finally disclosed, and on July 11 that it was finally fixed.
This is how the cyber attack worked
Although Telegram's security officials have not provided too many technical details, everything points to the fact that the flaw was in how the API takes advantage of the programmatic loading of multimedia files in chats and channels. In this way, it was possible to disguise an APK file (the Android installers) as if it were a video.
When trying to play the video, Telegram will tell us which player we want to open it with. Obviously, it is not a video, but the malicious APK that the pirates have hidden. Therefore, among the options that will appear on Android there will be one that will be to install the app through Telegram. The lack of knowledge of many users can lead to selecting this option.
It is true that in order to infect our mobile with this malware, it is necessary to disable at least two security functions manually on Android: the installation of apps from external sources (in this case, from Telegram), and Google Play Protect. With these two functions activated, we should not worry.
But the problem is not limited to this. It should also be noted that, by default, Telegram downloads all multimedia files automatically as soon as we enter the chat. Therefore, it is possible that, without knowing it, we have downloaded the malicious APK to our phone. Nothing will happen if we do not run it, but it can open the door to other types of attacks by hackers.
Check your Telegram version
Telegram launched a new version of its app on July 9. The new version is “10.14.5”, so to protect ourselves and make sure we are not at risk, it is necessary to download and install this new version from the Play Store.
We can check the version we have installed from the list of apps on our device. If this version is equal to or higher than the 10.14.5 version we have already mentioned, we have nothing to worry about. Otherwise, if we have an older version, we must make sure to update Telegram as soon as possible to be protected.
In principle, this problem should not affect the iOS app, nor Windows, so the rest of the users can rest easy in this regard.