950 million users should update the Telegram app immediately
Cybersecurity firm ESET has found a zero day vulnerability in the Telegram app for Android that allowed attackers to send malicious files disguised as videos, affecting millions of users.
This vulnerability was exploited for at least 5 weeks before being patched on July 11.
According to ESET, hackers created malicious APK (Android application installation package) files and disguised them as videos. The APK file will automatically download and install when the user downloads or clicks on the video, causing the device to be infected with malware.
Hackers also display fake notifications asking to play the video using an external player or stating that Telegram cannot install the APK file to fool users. If you ignore these warnings, users will accidentally install malware on their devices.
ESET discovered hackers using two types of malware, one impersonating Avast antivirus software and the other a fake "premium mod" for an adult website.
Telegram Android versions from 10.14.4 and earlier are affected by this vulnerability. To patch the vulnerability and avoid being attacked, users are recommended to update the application to the latest version (10.14.5).
Additionally, users should also exercise caution when downloading or clicking files from untrusted sources and update software regularly to protect devices from security vulnerabilities.
Discover more
Telegram
Share by
Isabella HumphreyYou should read it
- What is Telegram? 15 reasons to use Telegram
- How to make a voice or video call on Telegram
- Telegram and Telegram X suddenly disappeared from the App Store
- 5 best Telegram desktop clients
- How to turn off notifications when someone in your contacts joins Telegram
- Cursor Composer User Guide
- Core commands in Claude Code
- Context management in Claude Code
- The YouTube Android app adds picture-in-picture mode completely free
- Top 9 best online gaming websites in 2024
- How to connect Bluetooth headphones to computers and laptops 2024