A resurgence of the CVE-2024-7014 vulnerability termed 'Evilloader,' exploiting Telegram's Android client through a revised tactic involving disguised .htm files, led to unauthorized JavaScript execution. The attackers leveraged Telegram's multimedia framework and manipulated metadata headers to distribute the malicious files. Victims, deceived into playing a pseudo-video file, inadvertently trigger JavaScript execution in their browsers when redirected by a content:// URI scheme. This exploit, primarily targeting unpatched versions of Telegram (≤10.14.4), facilitated data exfiltration and malware activities such as phishing and banking Trojans. Telegram's delayed response in enforcing robust file validation has instigated significant risks to user data integrity and privacy.
Source: https://cybersecuritynews.com/telegram-evilvideo-vulnerability-exploited/
"id": "tel906030525",
"linkid": "telegram-messenger",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"