According to Odaily, ESET researchers have identified a zero-day vulnerability targeting the Android version of Telegram. This vulnerability, discovered on June 6, 2024, was being sold on underground forums for an undisclosed price. Named EvilVideo by the ESET research team, the exploit allows attackers to share malicious Android payloads disguised as multimedia files through Telegram channels, groups, and chats. The vulnerability affects Android Telegram versions 10.14.4 and earlier.
After ESET reported the issue to Telegram, the vulnerability was patched on July 11, 2024. Telegram released version 10.14.5 on the same day and notified the ESET research team via email.