If you forgot to update your Android applications or you simply didn’t update your Telegram to the latest version, you should do it now, Telegram last month in July released a patch to fix a zero-day vulnerability that allows attacks to inject malicious codes into the videos in the chat, Telegram like WhatsApp and most of the other mobile-based chatting applications, allows anyone to send you a message just by knowing your number.
If your current Telegram version is 10.14.4 or older, then your phone is vulnerable and the hacker could have full remote access to your Android phone, to check your current Telegram version simply follow the next steps:
- Open the Telegram application.
- Tap on the crum button on the top left.
- Tap on Settings.
- Scroll down to the end, on the bottom you will find your current Telegram version.
The attacker could share the malicious payloads in chats, channels, and groups and make the payloads appear as 30-second videos, most users used to open any video shared with them on mobile-based chatting applications, and such vulnerability could so easily compromise their privacy and security.
Also, most of the Telegram users allow the multimedia files to be downloaded automatically, this will increase the chance of running the payload and compromise the Android device.
Once the victim taps on the video to run, Telegram will show a message that the video can’t be run and needs to run on an external video app, once the user opens the file to run on a chosen player, permission will pop up to install that malicious application that is disguised as an external video player, once the user taps to install it then the device is compromised.
Recommendations
To stay secure, you must always follow secure internet habits since all the devices that we use are connected to the internet and malicious guys work hard to exploit the devices to achieve their malicious activities such as blackmailing or selling the victim’s private information, here below we will list for you the recommendations that you should follow to stay secure:
- Keep your applications on your Android device always up to date.
- Never download applications from unknown sources.
- Never download an untrusted application even if it is from Google Play.
- Never accept to download an application suggested to be downloaded by the application you are using.
- Have an antivirus on your device and keep it updated.
- Set strong passwords and always enable Two-Factor Authentication.
By following the above list, you will help to secure your internet presence by common attacks and to keep your money and priceless private information secure and safe.