EVILLOADER [CVE-2024-7014]

pinkman

pinkman

BOSS
Staff member
ADMIN
LEGEND
ULTIMATE
SUPREME
MEMBER
BFD Legacy
Joined
Feb 3, 2025
Messages
2,253
Reaction score
19,051
Deposit
0$
Evilloader is a downloader that allows attackers to download and execute additional malicious payloads on target systems. CVE-2024-7014 describes an update to the anti-analysis mechanisms of this module. A file with the ".htm" extension is disguised as a video and sent via the Telegram API, and while the user is waiting for the video, JavaScript code inside the HTML is actually executed.

The root cause of the vulnerability is that the ".htm" file format in the response to Telegram servers is perceived as a video. The ".htm" code fragment is opened in the browser under "content://". This is: content://org.telegram.messenger.provider/media/android/data/org.telegram.messenger/Telegram.povider/Telegram%20Video/4298942894727273.htm The content is opened, which allows the specified HTML page to be triggered and opened.
download:
To view the content, you need to Sign In or Register.
 
pinkman said:
Evilloader is a downloader that allows attackers to download and execute additional malicious payloads on target systems. CVE-2024-7014 describes an update to the anti-analysis mechanisms of this module. A file with the ".htm" extension is disguised as a video and sent via the Telegram API, and while the user is waiting for the video, JavaScript code inside the HTML is actually executed.

The root cause of the vulnerability is that the ".htm" file format in the response to Telegram servers is perceived as a video. The ".htm" code fragment is opened in the browser under "content://". This is: content://org.telegram.messenger.provider/media/android/data/org.telegram.messenger/Telegram.povider/Telegram%20Video/4298942894727273.htm The content is opened, which allows the specified HTML page to be triggered and opened.
download: *** Hidden text: cannot be quoted. ***
Click to expand...
ty
 
pinkman said:
Evilloader is a downloader that allows attackers to download and execute additional malicious payloads on target systems. CVE-2024-7014 describes an update to the anti-analysis mechanisms of this module. A file with the ".htm" extension is disguised as a video and sent via the Telegram API, and while the user is waiting for the video, JavaScript code inside the HTML is actually executed.

The root cause of the vulnerability is that the ".htm" file format in the response to Telegram servers is perceived as a video. The ".htm" code fragment is opened in the browser under "content://". This is: content://org.telegram.messenger.provider/media/android/data/org.telegram.messenger/Telegram.povider/Telegram%20Video/4298942894727273.htm The content is opened, which allows the specified HTML page to be triggered and opened.
download: *** Hidden text: cannot be quoted. ***
Click to expand...
 
You must log in or register to reply here.

Similar threads

pinkman
NEWS OWASP released the second report on AI-agents – now with real incidents, CVE and Russian specialists in the team
Replies
0
Views
125
pinkman
pinkman
Depov
CRLF Injection: from HTTP Response Splitting to session capture — operation and real CVE
Replies
0
Views
125
Depov
Depov
Depov
CVE-2026-0300: buffer overflow in PAN-OS - from vulnerability analysis to root RCE on the Pano Alto firewall
Replies
4
Views
246
M6nems
M
Depov
RCE Vulnerabilities in AI Platforms: CVE-2026-40933 and CVE-2026-40911 — from Allist link bypass to eval() injection
Replies
2
Views
169
dogpatch
D
Depov
CVE-2026-32202: Windows Shell vulnerability — zero-click NTLM hashes theft through LNK files
Replies
2
Views
230
Solarcrawler
S
Top Bottom