- Attackers are using Telegram to steal bitcoin.
- Echelon can also steal your data, passwords, and even fingerprints.
- As a result, the reporter advises turning off the auto-download feature in Telegram’s settings.
According to experts, attackers use the Telegram handle “Smokes Night” to spread the Echelon info stealer, which harvests cryptocurrency and other user account details.
The findings suggest that attackers are using the Echelon info stealer to target the crypto wallets of Telegram users, in an attempt to trick new or unsuspecting members of a cryptocurrency discussion channel on the messaging network.
The researcher referenced a report on a similar attack as well as a list of cryptocurrency services that were targeted. It includes non-custodial wallets for Bitcoin, Litecoin, ZCash, Monero, and other cryptocurrencies (AtomicWallet, Electrum, Exodus).
Malware Analysis
Echelon is delivered to the cryptocurrency channel as a .RAR file called “present).rar,” which contains three compressed files: “pass – 123.txt,” a text document containing a password; “DotNetZip.dll,” a non-malicious class library and toolset for manipulating .ZIP files; and “Present.exe,” the Echelon credential stealer’s malicious executable.
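The three-member bundle described above (a password note, a bundled DotNetZip.dll and an executable) is a pattern a defender can triage automatically before a user ever extracts it. The script below is an added example, not code from the article or from the researchers it cites; because the Python standard library has no RAR reader, it packs the same three member names into an in-memory ZIP as a constructed stand-in, and the file contents are placeholders (only the “MZ” DOS header of a PE image is reproduced). Function names are the example's own.

```python
"""Triage an archive attachment for the staging pattern described in the
article: a password note, a bundled DotNetZip.dll and a .NET executable."""
import io
import zipfile

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif")


def build_sample_archive() -> bytes:
    """Constructed stand-in for the reported 'present).rar' bundle.

    Member names follow the article; the bytes are placeholders. A PE/.NET
    executable begins with the two-byte 'MZ' DOS header, which is all the
    triage below checks for."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pass - 123.txt", "123\n")
        zf.writestr("DotNetZip.dll", b"MZ" + b"\x00" * 62)
        zf.writestr("Present.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed control case: a plain archive with no executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "meeting notes\n")
        zf.writestr("chart.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


def triage_archive(data: bytes) -> list[str]:
    """Return human-readable reasons the archive resembles the lure bundle.

    An empty list means none of the heuristics fired. Each heuristic maps to
    one element of the delivery described in the article."""
    reasons: list[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        lowered = {n.lower() for n in names}

        # Heuristic 1: a text file whose name advertises a password. This is
        # the lure that persuades the recipient to unpack the rest.
        pw_notes = [n for n in names
                    if n.lower().endswith(".txt") and "pass" in n.lower()]
        if pw_notes:
            reasons.append(f"password note bundled in archive: {pw_notes}")

        # Heuristic 2: an executable shipped alongside DotNetZip.dll, the
        # helper library the stealer is reported to carry with it.
        exes = [n for n in names if n.lower().endswith(EXECUTABLE_SUFFIXES)]
        if exes and "dotnetzip.dll" in lowered:
            reasons.append(f"executable {exes} shipped with DotNetZip.dll")

        # Heuristic 3: confirm the executable members really are PE images
        # (MZ header), so a renamed document does not trip the rule.
        for name in exes:
            with zf.open(name) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append(f"{name} carries a PE (MZ) header")
    return reasons


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_archive()),
                        ("benign", build_benign_archive())):
        print(label, "->", triage_archive(blob) or "no findings")
```

Running the module prints three findings for the constructed sample and none for the control archive. In a mail or chat gateway the same function would sit in front of the auto-download step the article warns about, so a bundle is quarantined on member names and headers alone, without executing anything.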
The .NET payload also has several characteristics that make it difficult to identify or analyze: two anti-debugging capabilities that immediately terminate the process if a debugger or other malware analysis tool is detected, and obfuscation using the open-source ConfuserEx program.
Computer fingerprinting and the capacity to snap a screenshot of the victim’s workstation are among the malware’s other characteristics, according to researchers.
According to the researchers, the Echelon samples collected from the various Telegram campaigns package stolen passwords, other harvested data, and screenshots into a compressed .ZIP file and send it back to an attacker’s command server.
How to protect yourself
In 2021, Echelon malware was classified as ransomware, a malicious program that encrypts files and holds them hostage for a fee.
The malware can steal information even if the Telegram user never opens the file. This is made possible by the messenger’s built-in auto-download option.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.