A new zero-day vulnerability in Telegram for Android, dubbed EvilLoader, has been uncovered by malware analyst 0x6rss.
This exploit enables threat actors to disguise malicious APKs as video files, potentially leading to unauthorized malware installations on users’ devices.
The vulnerability, which remains unpatched in the latest Telegram for Android version 11.7.4, allows attackers to manipulate Telegram’s handling of video files.
By crafting an HTML file with an MP4 extension, attackers can trick Telegram into misidentifying it as a legitimate video file.
When a user attempts to play this specially crafted “video,” Telegram prompts them to open the file in an external application, potentially leading to the installation of malicious software.
Alarmingly, the payload for EvilLoader has been available for sale on underground forums since January 15, 2025.
This accessibility to cybercriminals worldwide significantly increases the risk of widespread abuse.
The exploit’s availability on these marketplaces enables threat actors to easily obtain and deploy it against unsuspecting Telegram users.
EvilLoader bears a striking resemblance to a previous vulnerability called EvilVideo, disclosed in July 2024 and tracked as CVE-2024-7014.
Both exploits operate similarly, allowing attackers to manipulate video files to deliver malicious APKs.
The recurrence of such vulnerabilities highlights the ongoing security challenges faced by messaging platforms.
While Telegram has been notified of the vulnerability, users are advised to take precautionary measures.
These include staying alert for security updates, disabling auto-download of media files in Telegram settings, avoiding untrusted media files, and using reputable mobile security software capable of detecting malicious APKs.
The discovery of EvilLoader underscores the critical need for robust security measures in messaging applications, especially those handling media files.
As the vulnerability remains unpatched and actively exploited, Telegram users must exercise extreme caution when handling media files to protect their devices from potential compromise.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
Orange Cyberdefense has announced the development of InvokeADCheck, a new PowerShell module designed to streamline…
Traffic Distribution Systems (TDS) have emerged as critical tools for both legitimate and malicious purposes,…
Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their…
Trend Micro's Managed XDR team has recently investigated a sophisticated Business Email Compromise (BEC) attack…
Kudelski Security Research recently published an article detailing advanced methods for tracking and analyzing threat…
HUMAN's Satori Threat Intelligence and Research team has uncovered a complex cyberattack dubbed "BADBOX 2.0,"…