Another Telegram zero-day vulnerability is reportedly being exploited by hackers to deploy video malware to Android users to gain access to people's devices.
First noted by cybersecurity firm ESET via Bleeping Computer, the exploit, dubbed as "EvilVideo," allows hackers to send embedded videos to victims that could install the malware with just "one click."
(Photo : Carl Court/Getty Images)
In reality, the exploit only works if users enable the auto-install feature for opening media in messages. If not, people will have to click the blurred media for the content to download.
Even if users click the media to play, their device's built-in security system would still require users to approve the download and installation before the malware ever infiltrates the Android phones.
Due to the additional steps needed to infiltrate devices, researchers noted that hackers are less likely to be successful in exploiting the vulnerability.
Telegram has already started an investigation into the zero-day vulnerability. A fix patch is expected to be released within the next five weeks.
Also Read: Telegram Bot Being Used by Hackers for Large-scale Phishing Scams
Telegram Exploits Leveraged by Hackers to Target Random Users
This was not the first time a Telegram vulnerability was exploited to target susceptible victims.
In fact, several Telegram app exploits have been discovered over the years that could pose a danger to many people dependent on the app for businesses.
Common targets are people using the app for financial transactions, usually for discount deals, cryptocurrency purchases, and illegal products.
The platform has since patched out the exploits as cybercrime groups look for more vulnerabilities in the platform riddled with glitches and security issues.
Related Article: Hackers Exploit iPhone Vulnerabilities Over 4-Year Cyberattack Campaign
How to Protect Data Privacy from Telegram Exploits?
The best way to protect oneself from the various Telegram hacking exploits is to limit the platform's access to user files and device systems.
All of these can be customized and adjusted in the platform's settings and even in the device app management controls.
Restricting Telegram's access to financial accounts and important user profiles is better than allowing the app to be used by hackers to infiltrate people's privacy.
