{"id":8652,"date":"2024-09-17T12:00:00","date_gmt":"2024-09-17T09:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/?p=8652"},"modified":"2026-06-14T19:42:39","modified_gmt":"2026-06-14T16:42:39","slug":"eset-research-podcast-evilvideo","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2024\/09\/17\/eset-research-podcast-evilvideo\/","title":{"rendered":"ESET Research Podcast: EvilVideo"},"content":{"rendered":"<p>Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code. ESET malware researcher <a href=\"https:\/\/www.welivesecurity.com\/en\/our-experts\/lukas-stefanko\/\">Luk\u00e1\u0161 \u0160tefanko<\/a> ran into one such exploit \u2013 which ESET named <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android\/\">EvilVideo<\/a> \u2013 being sold on an underground forum and went in to explore and report it.<\/p>\n<p>In the discussion with our podcast host ESET Distinguished Researcher <a href=\"https:\/\/www.welivesecurity.com\/en\/our-experts\/aryeh-goretsky\/\">Aryeh Goretsky<\/a>, \u0160tefanko describes the findings of his analysis, including the fact that the flaw affected only the Android version of the app but not the versions for Windows and iOS.<\/p>\n<p>He also explained that, in the proof of concept he analyzed, the exploit was bundled with off-the-shelf spyware called Android\/Spy.SpyMax, but that this payload could be swapped for any other malware of the attacker\u2019s choice.<\/p>\n<p>If you want to know how Telegram developers reacted to ESET reporting the vulnerability, how long it took to fix, how many victims were found, or what users and companies can do to stay safe, listen to the latest episode of the ESET Research podcast.<\/p>\n<p>For a detailed report on EvilVideo or on the activities of numerous threat actors, follow ESET Research on <a 
href=\"https:\/\/twitter.com\/esetresearch\">X (formerly known as Twitter)<\/a> and check out our latest <a href=\"https:\/\/www.welivesecurity.com\/eset-research\/index.html\">blogposts<\/a> and <a href=\"https:\/\/www.welivesecurity.com\/white-papers\/index.html\">white papers<\/a> on <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android\/\">WeLiveSecurity.com<\/a>. If you like what you hear, subscribe for more on <a href=\"https:\/\/open.spotify.com\/show\/1WDjY2A3A3s5FKycrOVkhg\">Spotify<\/a>, <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/eset-research-podcast\/id1596306608\">Apple Podcasts<\/a>, or <a href=\"https:\/\/esetresearch.podbean.com\/\">PodBean<\/a>.<\/p>\n<p>PS: For those of our listeners who are attending the 2024 ESET Technology Conference and playing along with our game of capture the flag, the flag for the CTF challenge named \u201cRadio Broadcast\u201d is: <em>podcasts_are_new_books<\/em>.<\/p>\n<p class=\"wls-source\"><a href=\"https:\/\/www.welivesecurity.com\/en\/podcasts\/eset-research-podcast-evilvideo\/\" rel=\"nofollow noopener\" target=\"_blank\">Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as 
videos<\/p>\n","protected":false},"author":5,"featured_media":8654,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2878],"tags":[],"class_list":["post-8652","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-eset-research"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=8652"}],"version-history":[{"count":1,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8652\/revisions"}],"predecessor-version":[{"id":9314,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8652\/revisions\/9314"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/8654"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=8652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=8652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=8652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}