According to the report, the malware is distributed among Telegram groups by a user with the “Smokes Night” handle, who spreads the malware by dropping an infected file into chat rooms without comment.
“The sample of Echelon that we analyzed targets credentials, crypto wallets, and has some fingerprinting capabilities,” SafeGuard detailed. This allows the attacker to gain access to victims’ crypto assets.
The malware also attempts to access and steal credentials from multiple messaging, File Transfer Protocol (FTP), and Virtual Private Network (VPN) platforms, and those credentials can be used for social engineering attacks in the future.
Nevertheless, users can apply some quick settings to improve security.
First, they need to disable automatic media download and activate other privacy settings, such as limiting certain options to contacts only.
And, of course, they should never download unknown third-party files shared via any messaging or social media platform.
Telegram, a cross-platform messaging app, has found popularity among the crypto community for its enhanced privacy and encryption features, its support for large groups, as well as the fact that it has no ties to Meta’s family of social media apps — i.e., Facebook, Messenger, and Instagram.
As reported, last week, investors of the Solana (SOL)-based non-fungible token (NFT) project Monkey Kingdom were robbed of their SOL tokens after a cyber thief hacked the project’s official Discord server and published a phishing link.