Home > Security > Security News

Novel ‘EvilLoader’ Telegram  Vulnerability Cloaking APKs as Video Files Threatens Android Users

Published on March 7, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

A major security vulnerability dubbed "EvilLoader" has been uncovered in Telegram for Android’s latest version, exposing users to potential malware threats. This exploit allows attackers to disguise malicious Android Application Package (APK) files as legitimate video content. 

EvilLoader targets a flaw in Telegram's handling of media files. Originally referred to as EvilVideo, this exploit builds a vulnerability disclosed in 2024 (CVE-2024-7014), also targeting Telegram for Android.

Despite being reported to Telegram on March 4, 2025, the vulnerability, detailed alongside a Proof of Concept (PoC) code, remains unpatched and effective on Telegram's latest Android version (11.7.4).

Received Malicious Video File (left), Telegram Request to Install External Player After Trying to Play It (right).
Received Malicious Video File (left), Telegram Request to Install External Player After Trying to Play It (right) | Source: Mobile Hacker

Alarmingly, the payload for EvilLoader has been actively sold on underground forums since January 15, 2025, making it widely accessible to cybercriminals. The availability of EvilLoader on these forums raises significant concerns about its potential scope of abuse. 

By embedding malicious code in HTML files saved with an mp4 extension, attackers can trick Telegram into identifying the file as a legitimate video

HTM is Presented as a Video and Sent via the Telegram API.
.htm File Presented as a Video and Sent via the Telegram API | Source: Cti Monster

Once a user attempts to open the fake media, Telegram prompts an external application launch. If the user allows it, the disguised APK file runs a JavaScript-containing HTML page.

However, for the exploit to succeed, the user must manually enable the installation of apps from unknown sources on their Android device. This security setting is typically disabled by default to prevent unauthorized installations.

Telegram is widely regarded as a secure platform, which may lead users to trust and open files from seemingly credible sources. Yet, the flaw remains unaddressed in the latest Telegram for Android version, presenting a serious security risk.

Until a patch is released, Telegram users are urged to disable auto-downloads in Telegram's settings and avoid opening files from unknown or untrusted sources, especially those prompting external application launches. 

Add a Comment
Related
Hackers Exploit SourceForge to Distribute Miner and ClipBanker Trojan via Fake Microsoft Office Tools
Cybersecurity Gaps Exposed in US Treasury’s OCC Breach, 100 Bank Regulators’ Emails Compromised
RemoteMonologue Exploit Highlights Vulnerabilities in DCOM for Credential Harvesting 
DBS and Bank of China Vendor Ransomware Attack Exposed the Data of 8,200 Customers
Alleged Scattered Spider Member Pleads Guilty to Cybercrimes, Ordered to Repay $13.2M
Everest Ransomware Gang's Leak Website Gets Hacked
Most Popular
The Astro Bot team Receiving the Award for Best Game
BAFTA Game Awards 2025: Full list of Winners 
Warfare
“Who will want to Watch this Movie?”: Warfare Movie Reviews Compilation 
Next Gen NYC
Next Gen NYC: Everything we know About Bravo’s Glamorous new Reality Series
Hackers Exploit SourceForge to Distribute Miner and ClipBanker Trojan via Fake Microsoft Office Tools
Fountain Of Youth
Fountain of Youth: All we know About Guy Ritchie’s Action-Packed Adventure film Starring Natalie Portman & John Krasinski
The White Lotus
"You tell People this is what it is and some won’t do it": The White Lotus's Unique Salary System Explained
BAFTA Game Awards 2025: Full list of Winners 
“Who will want to Watch this Movie?”: Warfare Movie Reviews Compilation 
Next Gen NYC: Everything we know About Bravo’s Glamorous new Reality Series
Hackers Exploit SourceForge to Distribute Miner and ClipBanker Trojan via Fake Microsoft Office Tools
Fountain of Youth: All we know About Guy Ritchie’s Action-Packed Adventure film Starring Natalie Portman & John Krasinski
"You tell People this is what it is and some won’t do it": The White Lotus's Unique Salary System Explained

Most Popular
The Astro Bot team Receiving the Award for Best Game
BAFTA Game Awards 2025: Full list of Winners 
Warfare
“Who will want to Watch this Movie?”: Warfare Movie Reviews Compilation 
Next Gen NYC
Next Gen NYC: Everything we know About Bravo’s Glamorous new Reality Series
Hackers Exploit SourceForge to Distribute Miner and ClipBanker Trojan via Fake Microsoft Office Tools
Fountain Of Youth
Fountain of Youth: All we know About Guy Ritchie’s Action-Packed Adventure film Starring Natalie Portman & John Krasinski
The White Lotus
"You tell People this is what it is and some won’t do it": The White Lotus's Unique Salary System Explained
BAFTA Game Awards 2025: Full list of Winners 
“Who will want to Watch this Movie?”: Warfare Movie Reviews Compilation 
Next Gen NYC: Everything we know About Bravo’s Glamorous new Reality Series
Hackers Exploit SourceForge to Distribute Miner and ClipBanker Trojan via Fake Microsoft Office Tools
Fountain of Youth: All we know About Guy Ritchie’s Action-Packed Adventure film Starring Natalie Portman & John Krasinski
"You tell People this is what it is and some won’t do it": The White Lotus's Unique Salary System Explained

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: