Echelon malware spreads among Telegram and Discord cryptocurrency pools, and it targets wallets like Electrum, Exodus, and Jaxx.

Hackers are targeting cryptocurrency users with new malware spreading on messaging platforms like Telegram. Cybersecurity firm SafeGuard Cyber raised warnings about malware named Echelon that is built to steal cryptocurrency wallets.

In a report, the Division Seven (D7) threat intelligence team highlighted that a user identified as Smokes Night has been sending the malware to a group of chats about digital currencies on the Telegram platform. Some cybersecurity experts from the digital assets community took to Twitter over the weekend to warn of the threat.

Not Only Does It Spread on Telegram

The report states that malware is malicious software that infiltrates the device without consent and performs various functions such as targeting credentials, cryptographic wallets, and device details.

According to the investigation, the virus intends to steal the data needed to access the following crypto-wallet applications: Armory; AtomicWallet; BitcoinCore; ByteCoin; DashCore; Electrum; Exodus; Jaxx; and LitecoinCore.

Other capabilities of the Echelon version that the researchers described, in addition to the theft of credentials and data to break into crypto-wallets, include the detection of domains and digital fingerprints via the computer. The computer virus also takes screenshots of the device, experts have warned.

On the other hand, Telegram users are not the only ones at risk, as hackers are also taking advantage of other platforms to spread malicious viruses. The cybersecurity team warned that the threat could appear in messaging networks such as Discord and the email service, Outlook.

While the malware spreads across various platforms, it poses a risk to Telegram users due to the automatic download settings built into the app. This situation means that once the malware is received, the infected file is automatically downloaded to the device without the user's knowledge.

After that, victims do not need to run or close any applications, so the general recommendation for Telegram users is to disable the automatic download feature.

Hackers Look for Naive Users

The cybersecurity report did not provide details on the success of the malware in terms of user reach or volume of stolen funds. In this regard, SafeGuard Cyber researchers stated that they did not consider the spread of malware on Telegram to be part of a coordinated campaign but rather an effort targeting new or naive users of the platform.

According to the investigation, the hackers distributed Echelon in a .RAR file titled present).rar that included three files: pass – 123.txt, a benign text document containing a password; DotNetZip.dll, a non-malicious class library and toolkit for manipulating .ZIP files; and Present.exe, the malicious executable that steals credentials.

Fortunately, they noted that Windows Defender detects and removes the malicious executable sample Present.exe and flags it as #LowFI: HookwowLow, mitigating potential malware damage for users with installed antivirus software.

At the same time, digital currencies have become one of the hackers’ favorite targets to generate profits quickly. According to another recent study, hackers extracted more than $1 billion worth of cryptocurrencies during the third quarter of 2021.
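For defenders who want to check a messaging app's download folder for this kind of delivery, the following added example (not code from the report or from SafeGuard Cyber) finds RAR archives by file signature rather than extension and classifies an archive's member listing against the three-file shape described above. The function names, the extension list and the verdict labels are assumptions made for illustration, and the member listing is assumed to come from whatever archive tool is in use.

```python
import os
import tempfile

# RAR 4.x and RAR 5.x file signatures (the first bytes of the archive).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Extensions Windows runs directly; an illustrative list, not an exhaustive one.
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".msi", ".lnk"}

def _ext(name):
    return os.path.splitext(name)[1].lower()

def find_rar_files(directory):
    """Return names of files that start with a RAR signature, whatever their extension."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                if fh.read(8).startswith(RAR_MAGICS):
                    hits.append(entry.name)
    return hits

def assess_members(names):
    """Classify an archive's member listing (hypothetical verdict labels)."""
    executables = [n for n in names if _ext(n) in EXEC_EXT]
    notes = [n for n in names if _ext(n) == ".txt" and "pass" in n.lower()]
    libraries = [n for n in names if _ext(n) == ".dll"]
    if executables and notes:
        verdict = "quarantine"   # executable bundled with a password note
    elif executables or libraries:
        verdict = "review"       # runnable content, no other lure marker
    else:
        verdict = "ok"
    return {"executables": executables, "notes": notes,
            "libraries": libraries, "verdict": verdict}

def demo():
    """Constructed sample: one RAR-signed file, one plain file, and the reported member names."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "present).rar"), "wb") as fh:
            fh.write(RAR_MAGICS[1] + b"\x00" * 16)   # signature only, no payload
        with open(os.path.join(d, "notes.txt"), "wb") as fh:
            fh.write(b"hello")
        found = find_rar_files(d)
    listing = ["pass – 123.txt", "DotNetZip.dll", "Present.exe"]
    return found, assess_members(listing)

if __name__ == "__main__":
    print(demo())
```

A match is a reason to hold the file for scanning, not proof of infection; installers and other legitimate bundles can share this shape.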

By: Jenson Nuñez
