Hackers are Targeting Telegram Users

Disable the auto-download feature on Telegram.

Hackers are targeting Telegram crypto chat users with malware that downloads automatically to the user's device and empties crypto wallets. According to a researcher at blockchain bug bounty platform Immunefi, a hacker called "Smokes Night" dropped the Echelon malware into a chat. Users in that chat with the auto-download feature enabled are susceptible to the hack.

SafeGuard Cyber notes in its report that this attack has been in use on Telegram since as early as October 2021. SafeGuard Cyber analyzed the Echelon malware, finding that it "performs several crypto wallet and credential stealing functions, as well as domain detection and computer fingerprinting" and attempts to screenshot the user's device.

The Echelon malware attempts to steal credentials and data for twelve crypto wallets:

– Armory
– AtomicWallet
– BitcoinCore
– ByteCoin
– DashCore
– Electrum
– Exodus
– Ethereum
– Jaxx
– LitecoinCore
– Monero
– Zcash

The malware also tries to steal credentials for common apps, such as:

– Discord
– Edge
– FileZilla
– NordVPN
– OpenVPN
– Outlook
– Pidgin
– ProtonVPN
– Psi (Jabber)
– Telegram
– TotalCommander

While Telegram is targeted primarily for its poor default security settings and large crypto user base, it's possible that the Echelon malware is also being used in other apps.