A vulnerability in Telegram for Android allows threat actors to distribute malicious files disguised as videos. ESET discovered the flaw through an advertisement for the exploit on a cybercrime forum. The zero-day is designed specifically for Telegram on Android.  It allows actors to distribute videos which are secretly malicious files. Since Telegram downloads multimedia files automatically, the malicious payload is automatically downloaded to the user’s device. The flaw has been patched, but thousands of users are affected and advised to update the Telegram application’s version. 

Read more: https://www.securityweek.com/telegram-zero-day-enabled-malware-delivery/