Malicious Apps Disguised as Videos Attack Telegram for Android
CVE-2024-7014

Currently unrated

Key Information:

Vendor: Android
Status: Telegram For Android
CVE Published: 23 July 2024

Badges

  • 🥇 Trended No. 1
  • 📈 Trended
  • 📈 Score: 4,620
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 29%
  • 📰 News Worthy

What is CVE-2024-7014?

CVE-2024-7014 is a vulnerability affecting the Telegram application for Android, specifically versions 10.14.4 and older. This flaw, referred to as the EvilVideo vulnerability, allows cybercriminals to disguise malicious applications as videos sent through the messaging platform. Such an exploit can significantly impact an organization by enabling unauthorized access to devices and potentially leading to wider system compromises.

Technical Details

The EvilVideo vulnerability operates by exploiting the way Telegram handles media files. Attackers can modify the application payload to appear as a harmless video, tricking users into executing the malicious software upon download. This vulnerability underscores inherent security weaknesses in the handling of file types within the Telegram application, making it an enticing target for attackers seeking to exploit user trust in essential communication tools.
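
A defender-side check for the mismatch described above, as an added example (not code from the original page, from Telegram, or from any published PoC): it compares what an attachment claims to be with what its bytes actually are. The function names and sample bytes are constructed for illustration; that an APK is a ZIP archive containing `AndroidManifest.xml` is general format knowledge, not a description of Telegram's fix.

```python
import io
import os
import zipfile

VIDEO_EXTS = {".mp4", ".m4v", ".mov", ".3gp", ".mkv", ".webm"}

def sniff(data: bytes) -> str:
    """Classify content by structure, ignoring the name and declared MIME type."""
    # ZIP is located from its end-of-file directory, so test it first: a file
    # can start like a video and still be an installable archive.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return "apk" if "AndroidManifest.xml" in z.namelist() else "zip"
    if data[4:8] == b"ftyp":               # ISO base media (MP4/MOV/3GP)
        return "video"
    if data[:4] == b"\x1a\x45\xdf\xa3":    # EBML header (Matroska/WebM)
        return "video"
    return "unknown"

def check_attachment(filename: str, declared_mime: str, data: bytes) -> str:
    """Return 'ok', 'mismatch', 'unverified' or 'not-video' for one attachment."""
    ext = os.path.splitext(filename)[1].lower()
    if not (declared_mime.startswith("video/") or ext in VIDEO_EXTS):
        return "not-video"
    actual = sniff(data)
    if actual in ("apk", "zip"):
        return "mismatch"      # presented as video, content is an archive/app
    return "ok" if actual == "video" else "unverified"

def sample_apk() -> bytes:
    """Constructed stand-in: a ZIP with the entry names an APK carries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

def sample_mp4() -> bytes:
    """Constructed 24-byte 'ftyp' box followed by padding."""
    return b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isommp42" + b"\x00" * 32

if __name__ == "__main__":
    for name, mime, data in [
        ("holiday.mp4", "video/mp4", sample_apk()),
        ("holiday.mp4", "video/mp4", sample_mp4()),
        ("notes.txt", "text/plain", b"hello"),
    ]:
        print(name, mime, "->", check_attachment(name, mime, data))
```

A `mismatch` result is the case to quarantine or alert on; `unverified` means the content matched neither signature and needs a fuller media parser before it is trusted.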

Potential impact of CVE-2024-7014

  1. Unauthorized Access: An exploited vulnerability may give attackers control over user devices, allowing them to access sensitive information such as personal data or organizational credentials.

  2. Malware Distribution: The ability to send disguised malware can lead to larger scale infections across organizational networks, increasing the risk of significant data breaches and operational disruption.

  3. Reputation Damage: Organizations relying on secure communication platforms like Telegram may face reputational harm if their users are compromised, as trust in their security practices could be questioned by clients and partners alike.

Affected Version(s)

Telegram for Android (platform: Android): 0 <= 10.14.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Telegram EvilVideo Vulnerability Exploited to Execute Malicious Code on Victim Device

A critical evolution of the CVE-2024-7014 vulnerability, originally patched in July 2024, has resurfaced with updated tactics.

3 weeks ago

Telegram EvilVideo Vulnerability Exploited to Run Malicious Code on Victims’ Devices

A newly documented exploitation technique targeting Telegram’s file-sharing infrastructure has raised alarms in cybersecurity circles.

3 weeks ago

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • 📈 Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lukas Stefanko, ESET