Disable the auto-download feature on Telegram.
Hackers are targeting Telegram crypto chat users with malware that downloads automatically to the user's device and empties crypto wallets. According to a researcher at blockchain bug bounty platform Immunefi, a hacker called "Smokes Night" dropped the Echelon malware into a chat. Users in that chat with the auto-download feature enabled are susceptible to the hack.
SafeGuard Cyber notes in its report that this attack has been in use on Telegram since as early as October 2021. SafeGuard Cyber analyzed the Echelon malware, finding that it "performs several crypto wallet and credential stealing functions, as well as domain detection and computer fingerprinting" and attempts to screenshot the user's device.
The Echelon malware attempts to steal credentials and data for twelve crypto wallets:
The malware also tries to steal credentials for common apps, such as:
– Psi (Jabber)
While Telegram is targeted primarily for its poor default security settings and large crypto user base, it's possible that the Echelon malware is also being used in other apps.