Hi Guy's welcome back my new blog post, in this post we will share new vulnerability in telegram which is 0 Day Exploit Telegram in Android And EvilVideo Telegram 0 day exploit. so we see how the attack work and how can we protect ourselves from it.
EvilVideo Telegram 0Day
EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send malicious APK payloads disguised as videos.
How EvilVideo Exploit Work
The exploit likely uses the Telegram API to upload specially crafted multimedia files, making the payload appear as a 30-second video rather than a binary attachment. Upon sharing in a chat the malicious payload appears like a video preview.
By default, Telegram automatically downloads media files, making users vulnerable to the EvilVideo exploit, which disguises malicious payloads as multimedia files. When attempting to play the fake video, Telegram suggests using an external player, leading users to install a malicious app. The exploit leverages a vulnerability in Telegram’s upload process to make the file appear as a video.
Disclaimer: The content has been made available for informational and educational purposes only. All practices demos are performed on my own devices or networks, Linuxndroid are not responsible for any type of action.
Step1: Create A Telegram Bot
to perform you EvilVdeo Telegram Exploit , First of all you have to create a Telegram Bot from Bot Father. after creating a Telegram bot, you must note down its Token ID carefully because we will need it later, Also you have copy your Chat ID, so for this you can use the chat ID finder in telegram.
Step3: Start Telegram Video Exploit Script
ok, now before starting the script, you need to have two thing. First, you need to record a few second video and second, You need an application .apk file. You will need both of these when you start the script.
so here you can see that I start this script by selecting My 5sec Video and Android Apk file, and script successfully start and send malicious video file in my Bot.
Step4: Exploit Android Using Telegram 0Day EvilVideo
Here you can see that this video file on our phone has successfully reached us but this is not a normal video. In a way, it is a malicious video as the user will click on it, his device can be compromised here.
Ok, as we click on this video file, we will get a message to open it in an external Player and if the user tries to install the external player, then our malicious application will appear in front of him which we had selected while running the script. and user install this app then completely hacked his Phone.
Watch Practical Video Telegram 0Day Exploit : EvilVideo
0 Comments
Please do not enter any spam link in the comment box.