Security News > 2021 > December > Telegram Abused to Steal Crypto-Wallet Credentials

Attackers use the Telegram handle "Smokes Night" to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.
Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found.
Researchers at SafeGuard Cyber's Division Seven threat analysis unit detected a sample of Echelon posted to a Telegram channel focused on cryptocurrency in October, they said in an analysis on Thursday.
The malware used in the campaign aims to steal credentials from multiple messaging and file-sharing platforms, including Discord, Edge, FileZilla, OpenVPN, Outlook and even Telegram itself, as well as from a number of cryptocurrency wallets, including AtomicWallet, BitcoinCore, ByteCoin, Exodus, Jaxx and Monero.
Researchers eventually managed to de-obfuscate the code and peer under the hood of the Echelon sample delivered to users of the Telegram channel.
The Echelon sample lifted from the campaign sends credentials and other stolen data and screenshots back to a command-and-control server using a compressed.
News URL
https://threatpost.com/telegram-steal-crypto-wallet-credentials/177266/