New Android Spyware Warning—Do Not Play This Video

A recent alert has emerged for Android users, particularly those utilizing Telegram, as a new form of malware has been discovered. This threat involves seemingly innocuous videos attached to messages that conceal malicious code, which activates upon download. With Telegram boasting a user base of over a billion, the warning serves as a crucial reminder to exercise caution.

Understanding the Vulnerability

The attack capitalizes on the way Telegram processes media files. According to a report from Cti Monster, the core issue is that Telegram’s servers mistakenly identify a file with the ‘.htm’ extension as a video. Because of this misclassification, the HTML code is executed in a browser environment, which triggers the malicious content.
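
A defender triaging attachments can catch this kind of mismatch by comparing the declared media type with what the bytes actually are. The Python check below is an added example, not code from Telegram, Cti Monster or the original article; the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

EBML_MAGIC = b"\x1a\x45\xdf\xa3"   # Matroska / WebM container header
HTML_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|iframe|meta)\b", re.I)
MARKUP_EXTS = {"htm", "html", "xhtml", "svg"}

# Constructed sample inputs (not taken from any real malware sample).
SAMPLE_HTML = b"\xef\xbb\xbf\n<!DOCTYPE html><html><body><script>/* constructed */</script></body></html>"
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16


def sniff_container(data: bytes) -> str:
    """Classify content by its leading bytes: 'video', 'html' or 'unknown'."""
    head = data[:4096]
    if len(head) >= 12 and head[4:8] == b"ftyp":        # ISO BMFF: MP4, MOV, 3GP
        return "video"
    if head.startswith(EBML_MAGIC):
        return "video"
    if head.startswith(b"RIFF") and head[8:12] == b"AVI ":
        return "video"
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    if HTML_MARKERS.search(head.lstrip(b"\xef\xbb\xbf \t\r\n")):
        return "html"
    return "unknown"


def check_attachment(filename: str, declared_mime: str, data: bytes) -> list[str]:
    """Return findings for an attachment that is declared as video."""
    findings = []
    if not declared_mime.lower().startswith("video/"):
        return findings                                  # only video claims are checked
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in MARKUP_EXTS:
        findings.append("markup extension declared as video")
    kind = sniff_container(data)
    if kind == "html":
        findings.append("HTML content declared as video")
    elif kind == "unknown":
        findings.append("no known video container signature")
    return findings


if __name__ == "__main__":
    print(check_attachment("clip.htm", "video/mp4", SAMPLE_HTML))
    print(check_attachment("clip.mp4", "video/mp4", SAMPLE_MP4))
```

The check only inspects leading bytes, so it is a triage signal for mislabelled files rather than a full media validator.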

This particular strain of malware, known as EvilLoader, follows a previous variant called EvilVideo. It enables attackers to download and execute additional harmful payloads on compromised devices. Users whose phones fall victim to this malware can expect serious repercussions, including the theft of credentials and private data and the installation of banking trojans.

As the threat landscape evolves, it is essential for users to remain vigilant. The malware is designed to bypass standard security measures, redirecting users to their default browsers or prompting them to open the file as an HTML document. This action allows malicious JavaScript to execute, sending the user’s IP information directly to the attacker’s server.

Staying Protected

Since its initial emergence, EvilLoader has adapted to check for sandbox environments, indicating that it is aware of security analysts’ efforts to dissect it. Additionally, the malware has been known to generate fake security warnings, tricking users into altering their device settings. This development underscores the need to revisit the original CVE-2024-7014 patch released last year.

To safeguard against this threat, Telegram users are advised to ensure they are using the latest version of the app and to remain cautious about downloading video files from unfamiliar sources. In response to the situation, Telegram has clarified that this exploit does not represent a flaw within their platform. Instead, it requires users to take specific actions that compromise their device’s security. The company has implemented a server-side fix to enhance protection for all Telegram users.

AppWizard