A significant security vulnerability has been discovered in Telegram for Android, posing a substantial risk to millions of users worldwide. The issue, identified by security researchers from ESET, has been dubbed ‘EvilVideo’. This zero-day vulnerability allows hackers to compromise devices by sending malicious files or videos through Telegram chats, potentially granting them access to the infected device.
The flaw predominantly affects versions of Telegram prior to 10.14.5. As a result, users are strongly advised to update their apps to the latest version immediately to mitigate the risk.
Lukas Stefanko, a researcher from the ESET team, stumbled upon this critical flaw while investigating a separate issue. The discovery was further corroborated by discussions in online forums, where detailed information on how ‘EvilVideo’ could be exploited to attack Telegram users was being shared.
Telegram’s features, such as channels and large file transfer capabilities, exacerbate the danger posed by this flaw. Hackers can disguise harmful files as harmless ones using the Telegram API, making detection difficult for the average user.
ESET informed Telegram about the vulnerability on June 26. Despite the urgency, it took Telegram over a week to acknowledge and begin addressing the problem. Telegram version 10.14.5 includes a fix for this exploit, and users are urged to update their apps immediately. To check the installed version, open Telegram and go to Settings – About; if it is older than 10.14.5, update to the latest version available on the Play Store.
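For an administrator who needs to verify the fix across many managed Android devices rather than one handset at a time, the following script is an added example (not code from the article or from ESET) that reads the installed Telegram version from `adb shell dumpsys package` output and decides whether it predates 10.14.5. The package name `org.telegram.messenger` and the `versionName=` line format are assumptions about the stock Play Store build, and the `dumpsys` excerpt embedded below is constructed sample data. The example also shows why the comparison must be numeric: as plain strings, "10.9.1" sorts after "10.14.5" and would wrongly pass.

```python
import re
import subprocess

# Version that carries the fix, as stated in the article.
FIXED_VERSION = (10, 14, 5)

# Assumption: package name of the Play Store build of Telegram for Android.
TELEGRAM_PACKAGE = "org.telegram.messenger"

# Constructed sample of what `adb shell dumpsys package org.telegram.messenger`
# prints for an out-of-date install (only the relevant lines are shown).
SAMPLE_DUMPSYS = """\
Packages:
  Package [org.telegram.messenger] (hypothetical):
    userId=10234
    versionCode=4817 minSdk=21 targetSdk=34
    versionName=10.9.1
"""


def parse_version(dumpsys_text):
    """Extract versionName as a tuple of ints, or None if the package is absent."""
    match = re.search(r"versionName=(\d+(?:\.\d+)*)", dumpsys_text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version):
    """True when the installed version is older than the fixed release.

    Tuples of ints compare component-wise, so (10, 9, 1) < (10, 14, 5) holds,
    whereas the string comparison "10.9.1" < "10.14.5" is False and would
    misreport the device as patched.
    """
    return version < FIXED_VERSION


def assess(dumpsys_text):
    """Return ("vulnerable" | "patched" | "not_installed", version_tuple_or_None)."""
    version = parse_version(dumpsys_text)
    if version is None:
        return ("not_installed", None)
    return ("vulnerable" if is_vulnerable(version) else "patched", version)


def assess_device(serial=None):
    """Query a connected device over adb and classify its Telegram install."""
    cmd = ["adb"]
    if serial:
        cmd += ["-s", serial]
    cmd += ["shell", "dumpsys", "package", TELEGRAM_PACKAGE]
    output = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return assess(output)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; use assess_device() for a real phone.
    status, version = assess(SAMPLE_DUMPSYS)
    print(f"Telegram {'.'.join(map(str, version))}: {status}")
```

Run it against the constructed sample to see the classification, or call `assess_device("<serial>")` for each device listed by `adb devices` to build a fleet report.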