EvilVideo

First up this week is the story of EvilVideo, a clever telegram exploit that disguises an APK as a video file. The earliest record we have of this exploit is on June 6th when it was advertised on a hacking forum.

Researchers at ESET discovered a demo of the exploit, and were able to disclose it to Telegram on June 26th. It was finally patched on July 11. While it was advertised as a “one-click” exploit, that’s being a bit generous, as the ESET demo video shows. But it was a clever exploit. The central trick is that an APK file can be sent in a Telegram chat, and it displays what looks like a video preview. Tap the “video” file to watch it, and Telegram prompts you to play it with an external player. But it turns out the external player in this case is Android itself, which prompts the target to install the APK. Sneaky.

Continue reading “This Week In Security: EvilVideo, Crowdstrike, And InSecure Boot” →

Hackaday

1 Articles

This Week In Security: EvilVideo, Crowdstrike, And InSecure Boot

Search

Never miss a hack

If you missed it

Mining And Refining: Mine Dewatering

Tech In Plain Sight: Tasers Shooting Confetti

Experimenting With MicroPython On The Bus Pirate 5

The Biological Motors That Power Our Bodies

Meet The Optical Data Format You’ve Never Heard Of Before

Our Columns

Ubiquitous Successful Bus: Version 2

FLOSS Weekly Episode 805: Mastodon — Bring Your Own Algorithm

Keebin’ With Kristina: The One With The Folding Butterfly Keyboard

Breaking News: 2024 Supercon SAO Contest Deadline Extended

The Biological Motors That Power Our Bodies

Search

Never miss a hack

Subscribe

If you missed it

Our Columns