Researchers discovered a Telegram account spreading the Echelon malware to users of a cryptocurrency channel on the messaging platform. They also identified a new Echelon variant that attempts to steal the cryptocurrency wallets of people who use multiple messaging and file-sharing platforms.
Some notable platforms and messaging applications targeted by Echelon malware are Discord, Outlook, FileZilla, Edge, and Telegram.
Researchers discovered a sample of this Echelon variant on a popular Telegram channel, where it was being spread by threat actors using the ‘Smokes Night’ Telegram account.
The researchers who discovered the info stealer believe the operation was a spray-and-pray effort, not affiliated with any existing info-stealing campaign.
The threat actors baited new and unwary users by discussing cryptocurrency transactions on the Telegram channel; their real objective, however, was to infect those users’ machines with the Echelon info stealer.
The Echelon malware was first discovered in early 2018. It steals login credentials from popular messaging applications and file-sharing platforms such as those listed above, and it also targets the credentials of several cryptocurrency wallets, including BitcoinCore, Atomic Wallet, Monero, Exodus, ByteCoin, and Jaxx. The malware is written in .NET and employs several evasion techniques that hinder analysis and detection.
The payload is distributed as a RAR archive (present[.]rar) containing three files: DotNetZip[.]dll (a legitimate library for handling zip archives), Present[.]exe (the malicious dropper that steals credentials), and 123[.]txt (a plain text file holding a password). The dropper also includes two anti-debugging checks that abort the malicious routine as soon as an analysis tool is detected.
Lastly, the malware uses the open-source obfuscator ‘ConfuserEx’ to further obscure its code.
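The delivery pattern described above (an archive bundling a zip-handling DLL, an executable dropper, and a short password note) and the ConfuserEx protection can both be turned into simple triage heuristics. The script below is an added example and is not code from the article or from the researchers who analysed the sample. It assumes that archive contents are obtained with your own archive tool and passed in as a list of names, and it relies on the fact that ConfuserEx stamps protected assemblies with a `ConfusedByAttribute` marker and that .NET code checking `Debugger.IsAttached` carries the `get_IsAttached` method name in its metadata strings. The sample assembly bytes are constructed for the demonstration.

```python
"""Triage heuristics for an Echelon-style archive and a ConfuserEx-protected dropper.

Added example (not from the original article). Assumptions: the caller lists
archive members with their own tooling; ConfuserEx-protected assemblies carry the
'ConfusedByAttribute' marker; .NET anti-debugging via Debugger.IsAttached leaves
'get_IsAttached' in the assembly's string heap.
"""
import os
import re

EXECUTABLE_EXT = {".exe", ".scr", ".com"}
# A short text file named with "pass"/"pwd" or a run of digits (e.g. 123.txt).
PASSWORD_NOTE = re.compile(r"(pass|pwd|\d{3,})", re.IGNORECASE)

# Marker ConfuserEx adds to every protected module.
CONFUSEREX_MARKER = b"ConfusedByAttribute"
# Metadata strings typical of .NET debugger checks (Debugger.IsAttached, IsDebuggerPresent).
ANTI_DEBUG_STRINGS = (b"get_IsAttached", b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent")


def score_archive_listing(names):
    """Score one archive's member names against the three ingredients described:
    a zip-handling helper DLL, an executable dropper, and a password note.
    Returns (score, reasons); score 3 means every ingredient is present."""
    reasons = []
    lower = [n.lower() for n in names]
    if any(os.path.basename(n) == "dotnetzip.dll" for n in lower):
        reasons.append("bundled DotNetZip.dll (zip-handling library)")
    if any(os.path.splitext(n)[1] in EXECUTABLE_EXT for n in lower):
        reasons.append("executable inside a user-shared archive")
    if any(n.endswith(".txt") and PASSWORD_NOTE.search(os.path.basename(n)) for n in lower):
        reasons.append("text file that looks like a password note")
    return len(reasons), reasons


def has_confuserex_marker(pe_bytes):
    """True if the assembly bytes contain the ConfuserEx marker attribute.
    A hit justifies deeper analysis, not a verdict: legitimate software uses ConfuserEx too."""
    return CONFUSEREX_MARKER in pe_bytes


def anti_debug_indicators(pe_bytes):
    """Return the anti-debugging metadata strings found in the assembly bytes."""
    return [s.decode() for s in ANTI_DEBUG_STRINGS if s in pe_bytes]


def triage(names, pe_bytes):
    """Combine the heuristics into one list of findings for an analyst queue."""
    score, reasons = score_archive_listing(names)
    findings = list(reasons)
    if has_confuserex_marker(pe_bytes):
        findings.append("dropper protected with ConfuserEx")
    for s in anti_debug_indicators(pe_bytes):
        findings.append(f"anti-debugging reference: {s}")
    return score, findings


# Constructed sample inputs mirroring the reported archive layout (not real IoCs).
SAMPLE_LISTING = ["DotNetZip.dll", "Present.exe", "123.txt"]
SAMPLE_ASSEMBLY = (
    b"MZ" + b"\x00" * 64 + b"#Strings\x00"
    + b"ConfusedByAttribute\x00ConfuserEx v1.0.0.0\x00get_IsAttached\x00"
)
BENIGN_LISTING = ["quarterly_report.pdf", "notes.txt"]
BENIGN_ASSEMBLY = b"MZ" + b"\x00" * 64 + b"#Strings\x00Main\x00"

if __name__ == "__main__":
    score, findings = triage(SAMPLE_LISTING, SAMPLE_ASSEMBLY)
    print(f"archive score {score}/3")
    for f in findings:
        print(" -", f)
```

The archive score alone is deliberately weak evidence (many legitimate archives contain an executable); the value comes from stacking it with the ConfuserEx and anti-debugging indicators before routing a sample to a sandbox or an analyst.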
The Echelon malware leverages trusted messaging platforms such as Telegram to lure novice and unwary users. Because it targets many popular cryptocurrency wallets, it is a potential threat to most cryptocurrency holders.