A Telegram for Android zero-day vulnerability dubbed ‘EvilVideo’ allowed attackers to send malicious Android APK payloads disguised as video files. […]

from https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sending-malicious-android-apks-as-videos/