CVE-2024-7014
📋 TL;DR
The EvilVideo vulnerability in Telegram for Android allows attackers to send malicious applications disguised as video files. When users open these files, they can execute arbitrary code on the device. This affects Telegram for Android versions 10.14.4 and older.
💻 Affected Systems
- Telegram for Android
📦 What is this software?
Telegram by Telegram
⚠️ Risk & Real-World Impact
Worst Case
Full device compromise allowing data theft, surveillance, ransomware deployment, and persistence through malicious app installation.
Likely Case
Malware installation leading to credential theft, financial fraud, and unauthorized access to device data and communications.
If Mitigated
Limited impact if users avoid opening suspicious video files from untrusted sources and have updated Telegram.
🎯 Exploit Status
Exploitation requires sending a malicious file and convincing the user to open it. ESET researchers have confirmed active exploitation in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.14.5 and newer
Vendor Advisory: https://telegram.org/blog/evilvideo-vulnerability-fix
Restart Required: No
Instructions:
1. Open Google Play Store
2. Search for Telegram
3. Tap Update if available
4. Alternatively, download the latest version from Telegram.org
🔧 Temporary Workarounds
Disable automatic media download
Platform: Android. Prevents automatic download of suspicious video files that could contain the exploit.
Settings > Data and Storage > Auto-Download Media > Disable all options
Restrict message sources
Platform: Android. Only accept messages from known contacts to reduce exposure.
Settings > Privacy and Security > Groups & Channels > Set to 'My Contacts'
🧯 If You Can't Patch
- Avoid opening video files from unknown or untrusted Telegram contacts
- Use Telegram Web or desktop clients, which are not affected by this Android-specific vulnerability
🔍 How to Verify
Check if Vulnerable:
Check Telegram version in Settings > About Telegram. If version is 10.14.4 or lower, you are vulnerable.
Check Version:
Not applicable - check via Telegram app settings
Verify Fix Applied:
Update to Telegram 10.14.5 or newer and verify version in Settings > About Telegram.
📡 Detection & Monitoring
Log Indicators:
- Unusual APK installation events from Telegram
- Telegram downloading files with video-style names that actually carry an .apk extension
Network Indicators:
- Telegram downloading files with video MIME types but APK content
- Unusual outbound connections from Telegram to unknown servers
SIEM Query:
source="android" AND (
  (event="app_install" AND process="org.telegram.messenger" AND package_name LIKE "%.apk")
  OR (process="org.telegram.messenger" AND (file_download LIKE "%.mp4" OR file_download LIKE "%.avi"))
)
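As an added example, not part of this advisory: a small Python check that implements the "video MIME type but APK content" indicator above by comparing the declared type and file name against the file's leading bytes (an APK is a ZIP archive, so it starts with the ZIP magic, while real video containers do not). The record field names and sample bytes are constructed assumptions, not Telegram log formats.

```python
# Added example (not from the advisory): flag downloads advertised as video whose
# bytes are an Android package. APKs are ZIP archives and begin with "PK\x03\x04";
# MP4/MOV, AVI and Matroska files carry their own distinct magic instead.
import re
from typing import Iterable, List

ZIP_MAGIC = b"PK\x03\x04"
VIDEO_MIME = {"video/mp4", "video/quicktime", "video/x-msvideo", "video/x-matroska"}
VIDEO_EXT = re.compile(r"\.(mp4|mov|avi|mkv)$", re.IGNORECASE)
DOUBLE_EXT = re.compile(r"\.(mp4|mov|avi|mkv)\.apk$", re.IGNORECASE)

def is_zip_container(data: bytes) -> bool:
    return data[:4] == ZIP_MAGIC

def is_video_container(data: bytes) -> bool:
    """Cheap magic check: MP4/MOV 'ftyp' box, AVI 'RIFF....AVI ', Matroska EBML header."""
    return (data[4:8] == b"ftyp"
            or (data[:4] == b"RIFF" and data[8:12] == b"AVI ")
            or data[:4] == b"\x1a\x45\xdf\xa3")

def classify_attachment(declared_mime: str, filename: str, data: bytes) -> str:
    """'suspicious' when the declared video type and the content disagree, else 'ok'."""
    if DOUBLE_EXT.search(filename):
        return "suspicious"            # e.g. clip.avi.apk: video-style name, APK extension
    declared_video = declared_mime.lower() in VIDEO_MIME or bool(VIDEO_EXT.search(filename))
    if declared_video and is_zip_container(data):
        return "suspicious"            # advertised as video, carries a ZIP/APK payload
    if declared_video and not is_video_container(data):
        return "unknown_container"     # not an APK, but not a recognised video format either
    return "ok"

def scan(events: Iterable[dict]) -> List[str]:
    """Run the check over download records {mime, name, head} and return flagged names."""
    return [e["name"] for e in events
            if classify_attachment(e["mime"], e["name"], e["head"]) != "ok"]

# Constructed sample download records (only the first bytes of each file are kept).
SAMPLE_EVENTS = [
    {"mime": "video/mp4", "name": "holiday.mp4",
     "head": b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00mp42isom"},
    {"mime": "video/mp4", "name": "funny.mp4",
     "head": b"PK\x03\x04\x14\x00\x00\x00\x08\x00AndroidManifest.xml"},
    {"mime": "application/vnd.android.package-archive", "name": "tool.apk",
     "head": b"PK\x03\x04\x14\x00\x00\x00\x08\x00classes.dex"},
    {"mime": "video/x-msvideo", "name": "clip.avi.apk",
     "head": b"PK\x03\x04\x14\x00\x00\x00\x08\x00META-INF/"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))   # ['funny.mp4', 'clip.avi.apk']
```

An honestly declared APK (tool.apk) is not flagged; only the mismatch between what the file claims to be and what its bytes say triggers the alert, which is the same property the SIEM query above tries to approximate by file name alone.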