According to Odaily Planet Daily, ESET researchers discovered a zero-day vulnerability for the Android version of Telegram, which was sold on underground forums on June 6, 2024. Exploiting this vulnerability, attackers can share malicious Android payloads through Telegram channels, groups, and chats and make them appear as multimedia files.

The vulnerability only applies to Android Telegram versions 10.14.4 and earlier. After the ESET research team reported it to Telegram, the vulnerability was fixed on July 11, 2024, and Telegram released version 10.14.5 and notified the ESET research team via email.