Curiosity killed the cat, and it can also infect your phone with malware if you decide to play the mysterious videos that strangers send you on Telegram. That's exactly what security researchers at ESET discovered with a security flaw they dubbed EvilVideo.
This vulnerability relied on the fact that attackers could send APK files disguised as videos, which could lead the user to install an app to "watch the video" that was in fact the malware itself. This no longer happens since the most recent Telegram 10.14.5 update.
What looks like a video is malware
Every day I receive at least a dozen messages from strangers on Telegram, and although they are neatly collected in the Archived Chats tab, from time to time I look at what is there, in case there is a message that is not a scam or from someone who thinks they are talking to someone else. Sometimes they send me videos without any explanation, for example about the renovations of their house, and curiosity drives me to play them.
It turns out that until the latest Telegram update, malicious actors had found a way to disguise APKs as videos, so that in the chat it appears that they sent you a video, but when you try to play it, the application tells you that it cannot do so and that you should use an external player instead.
It is normal that Telegram cannot play it, because it is not a video but an APK. So when you ask Telegram to open it with an external player, it opens the malicious APK. If you have never opened an APK from Telegram before, this requires you to grant Telegram permission to do so. If you have done this before, you will be taken directly to the installation of the malware.
The problem, then, is that we think we are installing something necessary to play the video, such as a codec or a special player, when what we install is the actual malware that the attackers have managed to camouflage. ESET mentions that the APK installed was actually xHamster Premium Mod, although the technique would allow any other malware to be camouflaged.
What xHamster Premium Mod does depends on the malware in question, though most malware on Android today involves tricking users into enabling accessibility services. From there, it could be used to steal data and passwords, access banking information, and more. The important thing in the case of EvilVideo is not the malware itself, which can vary, but the method of infection: posing as a video on Telegram.
The "good" news is that the latest version of Telegram no longer confuses these APKs with videos. If someone tries to send you an APK (or shares it in a channel or group), the chat preview will show it as an APK and not as a video.
It is therefore important that you update Telegram to the latest version and be especially careful with anything strangers send you, including links to seemingly innocuous things like videos or photos.
More information and images | ESET