Evilloader It is a video exploit that could put the safety of millions of Android devices through Telegramone of the most used messaging applications in the world. This malwarediscovered by a security researcher who is known as online 0x6RSSallows attackers to camouflage harmful files – for example a video – and to induce users to perform them. In this way the user unknowingly reveals sensitive data or allows the installation of malware. Although a server side correction has already been distributed by Telegram to fix a similar vulnerability discovered in the past, the problem remains a threat to users who do not adopt adequate precautions. In this article, in addition to explaining how Evilloader works technically and why it is dangerous, we will also indicate what you can do concrete to protect you.
What is Evallader that attacks the Android through Telegram
Evilloader It is basically a exploit, IT term indicates a type of viruses capable of causing unexpected software, hardware or electronic systems, which uses vulnerability in the management of video files by theTelegram application for Android. This flaw allows IT criminals to send users a file with extension .htm (typical of files HTML) Renamed as a video, the user is induced to open it, thinking that it is a totally harmless file. If the file is not properly opened by Telegram, the program suggests to open it with a external browserwhere the code Javascript contained in the file can come into action. In this way, the malware can access the device, collecting information such as theIP address of the user and, potentially, installing harmful applications.
The example provided by the security researcher 0x6RSS shows how the file can imitate legitimate sites, such as the Google Play Storepushing the user to download a false version of Google Play Protectan app that should protect the device but that, in this case, contains harmful code.
The EmpilloAder exploit is a variant of a similar problem already known, called Evilvideodiscovered in 2024. Although Telegram has corrected the vulnerability relating to Evilvideo, Evilloader still makes use of the incorrect management of the files by the application. Although Telegram has released a server side correction to protect users, vulnerability remains active in the latest version of the app for Android (11.7.4), without an actually decisive patch. To this is added the fact that, Vulnerability is now easily available in underground forumswhere it is sold to IT criminals, thus increasing the risk of large -scale attacks.
How to protect yourself from Evilloader and from Telegram’s vulnerability
For protect yourself from Evilloaderit is essential to take some precautionary measures. First of all, it is advisable Disable the installation of apps from unknown sourcesa setting that can be found in the safety options of the Android device. To do this, follow these simple steps (taking into account that some words and passages can vary based on the version of Android in use):
- Open the app Settings.
- Go to the section App> Special permits/permits> Install unknown apps.
- Select the browser name which usually used to navigate online (e.g. Google Chrome).
- Deactivate the option Allow this source and possibly save the changes made.
In this way, even if a harmful file is masked like a video, the user will not be able to automatically install dangerous applications. In addition, it is important not to open multimedia files received by unknown or suspicious senders on Telegram. In case of doubt, it is always better to delete the file instead of risking performing it.
Another advice we give you is that of Keep the Telegram application and all the other apps always installed on your device updated. Updates frequently include safety corrections that resolve vulnerability such as the one just described. And, for “extra” protection, evaluate the use of a good Antivirus softwareable to detect and block potential threats in the bud.
