Cybersecurity researcher @officer_cia of LobsterDAO and the Immunefi bug bounty platform shared details of another piece of malware that targets crypto wallets and account credentials.
Echelon is here to steal your crypto
The expert has taken to Twitter to warn all users of Telegram about the new attacks on crypto wallets registered on Telegram.
Warning ❗️ An attack on thematic @telegram crypto chats ongoing now. The attackers use an account named "Smokes Night" to spread Echelon malware by dropping a file into the chat room. — CIA Officer (@officer_cia) December 25, 2021
TLDR: Disable auto-downloading in Telegram settings right now.
See the thread below
According to the expert, the user with the "Smokes Night" handle spreads Echelon malware by dropping an infected file into chat rooms without comment.
The expert has attached a report about a similar attack with a list of affected cryptocurrency services. It includes a number of noncustodial wallets (AtomicWallet, Electrum, Exodus) for Bitcoin, Litecoin, ZCash, Monero and other cryptos.
This version of Echelon has multiple credential-stealing functions, domain detection and computer fingerprinting. It also attempts to take a screenshot of the victim's device.
Here's how you can protect yourself
The malware can steal the information even if a Telegram user does not open the file. The auto-downloading option that is built into the messenger makes this possible.
As such, the reporter recommends disabling the auto-downloading option in Telegram's settings.
In 2021, Echelon malware was described as ransomware, a malicious software program that encrypts files for ransom.
As covered by U.Today previously, in 2021, ransomware programs stole millions of dollars; typically, the malefactors demand a ransom in Bitcoin, Ethereum or Monero.