LobsterDAO’s cybersecurity researcher @officer_cia and the bug bounty platform Immunefi recently shared details of new malware focused on cryptocurrency wallets.
The malware, called Echelon, is being distributed on the Telegram messaging platform and aims to steal crypto assets.
The specialist @officer_cia used Twitter to alert platform users about new attacks on Telegram targeting crypto wallets.
According to the expert, the user identified as “Smokes Night” spreads the Echelon malware by placing an infected file in chat rooms without comment.
Warning ❗️ An attack on thematic @telegram crypto chats ongoing now. The attackers use an account named "Smokes Night" to spread Echelon malware by dropping a file into the chat room.
TLDR: Disable auto-downloading in Telegram settings right now.
👇 See the thread below 👇
— CIA Officer (@officer_cia) December 25, 2021
How to protect yourself from malware
In follow-up tweets, the expert attached a report explaining how to avoid getting hacked on Telegram.
Tips include restricting information shared with other users, such as phone number, last seen, and profile picture.
In addition, the expert recommends that users restrict calls, disable automatic data download, check active sessions, avoid opening executable files sent by other users, and beware of impersonation.
Also according to @officer_cia, this version of Echelon has several functions for credential theft, domain detection and computer fingerprinting. The malware also tries to take a screenshot of the victim’s device.
The malware can steal information even if a Telegram user does not open the file, because the automatic download option built into the messenger makes this possible.
According to a SafeGuard Cyber Division Seven report, the malware targets crypto wallets such as Electrum, Exodus, ETH, ByteCoin, AtomicWallet and others.
Echelon also attempts to steal credentials from multiple platforms, including Discord, OpenVPN, FileZilla, Edge and Outlook.
“We believe this particular incident was an isolated attack. The goal was to reach unsuspecting new channel users [Telegram]. However, the incident points to the risk exposure that financial institutions face as employees use modern communication apps, including mobile chat like WhatsApp and Telegram, to conduct their business,” says the SafeGuard Cyber report.