950 million users should update the Telegram app immediately

Cybersecurity firm ESET has found a zero day vulnerability in the Telegram app for Android that allowed attackers to send malicious files disguised as videos, affecting millions of users.

This vulnerability was exploited for at least 5 weeks before being patched on July 11.

According to ESET, hackers created malicious APK (Android application installation package) files and disguised them as videos. The APK file will automatically download and install when the user downloads or clicks on the video, causing the device to be infected with malware.

Hackers also display fake notifications asking to play the video using an external player or stating that Telegram cannot install the APK file to fool users. If you ignore these warnings, users will accidentally install malware on their devices.

ESET discovered hackers using two types of malware, one impersonating Avast antivirus software and the other a fake "premium mod" for an adult website.

Telegram Android versions from 10.14.4 and earlier are affected by this vulnerability. To patch the vulnerability and avoid being attacked, users are recommended to update the application to the latest version (10.14.5).

Additionally, users should also exercise caution when downloading or clicking files from untrusted sources and update software regularly to protect devices from security vulnerabilities.