Telegram Abused to Steal Crypto-Wallet Credentials
2021-12-23 16:00

Attackers use the Telegram handle "Smokes Night" to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.

Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found.

Researchers at SafeGuard Cyber's Division Seven threat analysis unit detected a sample of Echelon posted to a Telegram channel focused on cryptocurrency in October, they said in an analysis on Thursday.

The malware used in the campaign aims to steal credentials from multiple messaging and file-sharing platforms, including Discord, Edge, FileZilla, OpenVPN, Outlook and even Telegram itself, as well as from a number of cryptocurrency wallets, including AtomicWallet, BitcoinCore, ByteCoin, Exodus, Jaxx and Monero.

Researchers eventually managed to de-obfuscate the code and peer under the hood of the Echelon sample delivered to users of the Telegram channel.

The Echelon sample lifted from the campaign sends credentials and other stolen data and screenshots back to a command-and-control server using a compressed.


News URL

https://threatpost.com/telegram-steal-crypto-wallet-credentials/177266/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Telegram 6 2 23 8 2 35