Hannah Grace Tech 12.27.2021 20:Dec PM EST

Telegram Malware Steals Crypto Wallets, Other Credentials: Warning Signs of Elcheron Malware, How to Avoid

A recent study showed that a Telegram malware called Elcheron targets and steals crypto wallets and other credentials on the platform.

Luckily, there are several ways to avoid being a victim of the said malware, which includes the limitation of privacy settings to "contacts only."

Telegram Malware Targets Crypto Wallets

Researchers discovered that cybercriminals are using the Elcheron info stealer to target the crypto wallets of Telegram users to manipulate new or unaware users of a cryptocurrency discussion channel on the messaging network, per Threat Post.

In an investigation published on Thursday, researchers from SafeGuard Cyber's Division Seven threat analysis section identified a sample of Elcheron uploaded to a Telegram channel dedicated to Bitcoin in October.

Aside from targeting crypto wallets and credentials, the Telegram malware also has some fingerprint capabilities. Moreover, the crypto wallet stealer malware used is designed to steal credentials from a variety of messaging and file-sharing platforms.

The said platforms include Discord, Edge, FileZilla, OpenVPN, Outlook and Telegram, as well as cryptocurrency wallets such as Armory, AtomicWallet, BitcoinCore, ByteCoin, DashCore, Electrum, Exodus, Ethereum, Jaxx, LitecoinCore, Monero and Zcash.

In addition to this, the report also stated that "SafeGuard Cyber believes that this was an isolated one-off incident meant to target new unsuspecting users of the channel.

Furthermore, rsearchers discovered that attackers used the account "Smokes Night" to disseminate Echelon on the channel, although it is unclear how successful it was.

"The post did not appear to be a response to any of the surrounding messages in the channel," the researchers continued.

They also added that other users on the channel did not seem to detect anything strange or respond to the post. Additionally, the SafeGuard researchers noted that this does not rule out the possibility that the virus made it to consumers' devices.

"We did not see anyone respond to "Smokes Night" or complain about the file, though this does not prove that users of the channel did not get infected," they wrote.

How to Avoid The Crypto-Wallet Stealer Telegram Malware

According to Cryptonews, users may, however, enhance security by changing a few easy Telegram settings.

First and foremost, users must prevent automatic media download and enable additional privacy features like restricting certain options to contacts only.

Users must also avoid downloading suspicious third-party files transmitted over chat or social media platforms.

For instance, Twitter user @officer_cia explained that "the animated TG stickers were used to upload spread over Telegram, with the TG servers acting as proxies."

The Twitter user added that this is enough to click on the animated sticker for remote code execution, which means that it is important to keep the automatic media downloads off.

Apart from the Telegram malware, CoinMarketCap added that Telegram users should also avoid numerous copycat admins in the platform groups, which usually happens when the target asks a question or wants assistance in a public group.

To further emphasize, predatory cybercriminals will message the individual personally, acting as a group administrator or support staff member.

Most of the time, these scammers pretend to be interested in their questions and help, which generally leads to them requesting the target's private keys or seed phrase or requesting that they log onto a platform meant to steal these credentials.

With that being stated, CoinMarketCap advised crypto-wallet owners to never send any private key, seed phrase, or any sensitive information by DM or any other method.

Anyone who asks for these, directly or indirectly, is almost probably attempting to defraud uninformed people.