Crypto Wallet Hacking through Telegram

[JohnBitCo]

Recently i was reading an article where Hackers target crypto wallets through Telegram using Echelon malware is explained.
I have followed the instructions and disabled the Automatic download of media option in telegram. But i fear that many people will keep the auto download option enable because of unaware of this threat.
I wonder how this virus will work and how can they reach to our wallets / exchanges?

[haasanjui]

Hackers use malware files for attack device. They creta malwares and share on Telegram and when anyone download it then hacker got all information about device and then he control device easily and hack wallets and personal information.

[DdmrDdmr]

There’s a rather more detailed explanation (*) in one of the links provided on the later referenced Twitter account that is pointed out in the article in the OP.

It explains that the file that contains the malware is called "Present).rar", containing three files itself, one of which is the malicious element (present.exe). It seems to be a windows platform potential issue in this case (not Android/iPhone), and fortunately little extended.

The auto download feature should probably be disabled for safety per se, and thus allow the user for a more granular and attention based approach. Since the file is a .rar, and then you require executing the enclosed .exe, I don’t believe that happens on its own as an automatic corollary to the download process. Rather more, I figure, It should be the user that initiates this latter procedure, although the OP’s article does argue for the whole sequence to be automatic, which I find odd:

In general, this malware poses an enormous risk to Telegram users who depend on the application’s built-in auto-download feature. Once a file is received, the malware is automatically downloaded to the device without the user’s knowledge.
Following that, victims are not required to run or shut down any apps; the virus will simply be able to access the computer’s footprint and capture screenshots.

(*) See: https://www.safeguardcyber.com/hubfs/Threat%20Intel%20Reports/Threat%20Report_Echelon%20Malware%20-%20SafeGuard%20Cyber.pdf

[Lizzylove1]

Thanks for this, a friend had his android phone cloned and locked him out today. He was able to later regain his phone use, but his crypto funds had been moved, I think he said he had received a call via telegram and that is all he could remember before the ugly incident. We need to be extra careful on files been downloaded.

[Mbitr]

Thanks for this OP - I’ve just disabled mine  Just not worth taking any chances !

[Desmong]

This is quite surprising and I think this information should be spread to more thread to avoid more victims from this kind of threat. I have seen people complain of something similar to this of losing access to their funds and suddenly everything got wiped off. We need to be careful of the kindnof group we join on social media which is not only telegram. Thanks for this information.

[Charles-Tim]

I remembered when I disabled auto-download even for WhatsApp, including all contents, not even only videos but also photos, audios and documents. I prefer to select and authorize the ones I want on my device. This is even still better, how about Telegram, even strangers can be able to get in touch with you, how about the unknown people on Telegram groups and the likes, I have disabled automatic media download on my Telegram account also long time ago. Just like I thought this might lead to malware installation on ones device. But, it is good to be more careful, this malware can also be installed if manually select on the malware content. I think this raises the awareness about how we should not allow any unauthorized contents to be downloaded on our device.

[Yamifoud]

These hackers make their way to hack wallets and that seems easy especially for not techy people to fall into their trick like auto-download malware. It sometimes happens that due to our curiosity it leads to hacking like wanting to know what is inside the link and then clicking it. I think this must be seriously taken care of for now and have to be careful when someone does send anything like that as this might be malware that cost us a lot and lost control of our wallets. That is why it is very important to keep our keys separately, not stored on our PC or phones.

[blockman]

Thanks for this, this is actually a good warning and I've got disabled mine already. I guess that's why there are some random people claiming they're from Europe chatting on me but I ignored them.

Hackers use malware files for attack device. They creta malwares and share on Telegram and when anyone download it then hacker got all information about device and then he control device easily and hack wallets and personal information.

I'm still quite confused on how it happens but I'll just protect myself from it and thanks to this warning.

[Accardo]

Hackers have taken cryptocurrency technology as a prey and have accomplished a lot of actions that requires taking people's funds through a fishy way.
That's why people should read wild daily for new information like this one. The victims of their recent plot got no such information about turning off the auto download button. So, cryptocurrency holders should keep their eyes on recent news from top blogs, which helps to guide everyone on cases like the malware being circulated on telegram.

[virasog]

Thanks for this, a friend had his android phone cloned and locked him out today. He was able to later regain his phone use, but his crypto funds had been moved, I think he said he had received a call via telegram and that is all he could remember before the ugly incident. We need to be extra careful on files been downloaded.

Just by receiving a call on the telegram, his phone got cloned and he lost his access, that's hard to believe but if it is real, it's too much threatening. Cloning the phone means that his all data got transferred, all his passwords etc but i am sure he must have installed some malicious app as directed by the hacker on the call.

[Obito]

Why is there even an autodownload in Telegram in the first place, it's definitely going to be exploited by someone eventually and here we are with the malware that can easily snake through your phone without you knowing about it. It's still crazy to me that people are still using Telegram when there's a Discord already.

[UmerIdrees]

Recently i was reading an article where Hackers target crypto wallets through Telegram using Echelon malware is explained.
I have followed the instructions and disabled the Automatic download of media option in telegram. But i fear that many people will keep the auto download option enable because of unaware of this threat.
I wonder how this virus will work and how can they reach to our wallets / exchanges?

Thanks for sharing this important information here. I have not only applied these instructions on my own telegram account but also I have passed this information on my local board so most of the people in my local community take timely actions and avoid any potential loss of crypto.

[Lucius]

@DdmrDdmr has already noticed some illogicalities in the article, and it seems to me that this malware would not do any major damage on Android devices just by taking capture screenshots - of course, this does not apply to those who will install a crypto wallet for the first time and thus expose their seed. In addition to turning off auto-download, it is recommended that you never store large amounts of crypto in mobile/desktop wallets - and we know that Telegram has long been one of the main tools for crypto hackers.

If you can't protect yourself properly, it's better not to use such tools, in the end, you can do much more harm than good.

[pieppiep]

I wonder how this virus will work and how can they reach to our wallets / exchanges?

I do not think we as regular user will know how that virus work and how can they reach our wallets. But as far as I know, when we download a file, that can contain a virus and when we execute that file, it will infect our devices and that will depend on the source code in the virus. If the virus has a command to execute or access the wallet, the virus will try to penetrate our devices and start to do something that the creator wants. So we must be careful when we download a file from the internet.

[tranthidung]

I never allow auto download feature. I would like to spend a little more time to read pop up message, then I can approve downloading or not.

On Telegram, it is a paradise for spammers and scammers so people should customize their Privacy & Security settings because in default settings, it allows everyone to call you, to see your phone number and can add you to groups & channels.

• Phone number: My contact
• Call: My contact
• Group & channels: My contact

Telegram security and privacy tips

[noormcs5]

@DdmrDdmr has already noticed some illogicalities in the article, and it seems to me that this malware would not do any major damage on Android devices just by taking capture screenshots - of course, this does not apply to those who will install a crypto wallet for the first time and thus expose their seed.

And how about the web version of the telegram running on the computer browser? If auto download is enabled on the browser, will it only affect that browser data or have the ability to get data from the hard disk or other browsers?

Why is there even an autodownload in Telegram in the first place, it's definitely going to be exploited by someone eventually and here we are with the malware that can easily snake through your phone without you knowing about it. It's still crazy to me that people are still using Telegram when there's a Discord already.

Discord is not widely used as telegram but yes, i do believe that the default setting of telegram should be to disable the auto download. I hope telegram may explorer this option in their later releases.

[Hypnosis00]

I never allow auto download feature. I would like to spend a little more time to read pop up message, then I can approve downloading or not.

On Telegram, it is a paradise for spammers and scammers so people should customize their Privacy & Security settings because in default settings, it allows everyone to call you, to see your phone number and can add you to groups & channels.

• Phone number: My contact
• Call: My contact
• Group & channels: My contact

Telegram security and privacy tips

As I've checked on my telegram privacy and security it is all in the default setting allowing everyone to make a call, message, and send files (malware is possible), and auto-download is enabled. These tips give me more security to me personally and protect me from scammers sending questionable files.

Now to know that it all lies on how to manage our accounts and it is a need to check first on privacy and security setting, this could save us from these people. If we care nothing about our account, not possible to become a victim sooner or later. Immediate action should be done ASAP.

[Lucius]

And how about the web version of the telegram running on the computer browser? If auto download is enabled on the browser, will it only affect that browser data or have the ability to get data from the hard disk or other browsers?

I have to admit that I didn't know there was a desktop version of this app, but in that case, it would apply what @DdmrDdmr wrote - which means that the malware won't start automatically, but you need to unpack the rar file first and run the exe file. For exactly what this malware does on a desktop computer when it infects it you can read in the next article :

Echelon can collect system information, installed software and running applications. It can also exfiltrate (download) files from infected systems.

This malicious program targets browsers (e.g. Chromium, Microsoft Edge, Gecko, etc.) and attempts to extract browsing history, cookies, download data (e.g. filenames and download locations), autofills, saved credit card details and log-in credentials (i.e. usernames and passwords).

The malware targets other applications as well such as FTP (File Transfer Protocol) software (e.g. FileZilla, TotalCmd), messengers (e.g. Discord, Telegram, Jabber), VPN (Virtual Private Network) clients (e.g. NordVPN, OpenVPN, ProtonVPN).

Echelon similarly tries to steal cryptocurrency wallets (cryptowallets) such as Armory Wallet, Atomic Wallet, Bitcoin Core, Bytecoin, Dash Core, Electrum, Ethereum, Exodus, Jaxx, Litecoin Core, Monero Wallet and Zcash. These are just some features of the Echelon stealer.

[Wiwo]

 Telegrams hacking malware have been around for some time now but I believe the hacker can not have access to files on your device unless you permit them, thanks for the information to disable that feature on my telegram right aware.
Hackers and scammers are always looking out for access to steal our security details and files.