How does EvilVideo in Telegram works

A Telegram video that hides malware, EvilVideo and how to avoid it

Hackers are always trying to trick you and steal your information or infect your devices. The new malware EvilVideo arrives in the form of a Telegram message and it can be very dangerous.  The ESET antivirus team discovered the security failure in Telegram and how it can affect your Smartphone.

The security failure EvilVideo takes advantage of in Telegram allows sending APK files camouflaged as videos. If opened, the user ends up installing an app to watch the video and it’s in fact a malware.  Since the 10.14.5 Telegram update the failure is already fixed.

The EvilVideo malware in Telegram

EvilVideo is a hidden malware don’t open it

It’s very common to receive at least 12 messages from unknown people in Telegram. Even though most of them end up in the Archived Chats, sometime you may check what you have received. If curiosity makes you open one of these videos, you may be at risk.

Thanks to the latest Telegram update, the ESET antivirus investigators found a way to camouflage APK files as videos. In the chat window you will see a video but when you try to play it, you are asked to download an external video player.

In fact, it’s normal for Telegram to avoid playing it. It’s not a video at all. It’s an APK file that you will install in your mobile phone if you are not careful enough. The APK will also ask for permissions to run on your phone, another warning signal to stop interacting with it. If you don’t stop, you will install the APK in your device.

Users tend to think they are installing a video player app but it’s in fact a virus. ESET identified EvilVideo as xHamster Premium Mod, but the method can be used to camouflage any malware at all.

Depending on each malware, the hackers will be able to control different aspects of your mobile phone or personal information. Most of malware nowadays tries to get access to accessibility services in Android and then steal passwords, personal data and similar.

EvilVideo is not the malware but just a mask

The EvilVideo file is not responsible. In fact, it’s just a mask for another malware APK file that you install without knowing. It’s also possible to use other videos to try and infect your device. So be aware of videos that ask you to download a different video player.

In the most recent Telegram update the APK masquerading is not available anymore. However, it’s possible that in the future a new security failure appears and the process begins again. Remember to update your Telegram version to the latest one available.


Leave a Comment