telegram echelon

Echelon Infostealer Drops in via Telegram

Researchers have discovered a new variant of Echelon credential stealer malware that attempts to steal crypto wallets belonging to users of several file-sharing and messaging platforms.

What has been discovered?

Researchers from SafeGuard Cyber have identified a sample of the Echelon malware posted on a popular Telegram channel.
  • The attackers were spotted spreading the malware using the Telegram handle Smokes Night. 
  • Researchers believe that the campaign was a spray-and-pray effort and not part of any coordinated campaign.
  • Attackers attempted to lure novice and unsuspecting users by posting in a Telegram channel that focused on discussions about cryptocurrency. The ultimate goal was to infect users with the Echelon infostealer.

Echelon infostealer

Echelon is a known infostealer malware, discovered first in 2018.
  • Echelon aims to steal login credentials from popular file-sharing platforms and messaging applications including FileZilla, Discord, Outlook, Edge, OpenVPN, and Telegram.
  • It also targets the credentials for several cryptocurrency wallets, including Exodus, BitcoinCore, ByteCoin, Jaxx, AtomicWallet, and Monero.

Additional technical detailsAdditional technical details

Echelon is written in .NET that boasts of several evasion features that hinder the detection and analysis of this malware.
  • The Echelon payload is delivered in a RAR file "present).rar," which comprises three files: "pass – 123.txt" (a genuine text file containing a password), "DotNetZip.dll" (a class library file containing non-malicious tools set for manipulating zip files), and "Present.exe" (the malicious executable payload that steals credentials).
  • The Echelon malware includes two anti-debugging functions, that would terminate the malicious process as soon as it detects and debugger or malware analysis tools.
  • Moreover, the malware uses the open-source tool ConfuserEx to further obfuscate its code.

Ending notes

By leveraging trustworthy social media channels such as Telegram, Echelon infostealer lays an effective trap for unsuspecting users. Moreover, it targets a variety of popular cryptocurrency wallets, making it a serious threat to all cryptocurrency users.

Source: https://cyware.com/news/echelon-infostealer-drops-in-via-telegram-0b5a3d87


If you are interested in this content, you can follow my LinkedIn and Twitter accounts and access more content.


Join our list

Sign up for the e-mail list to be informed about the developments in the cyber world and to be informed about the weekly newsletter.

Haber bültenine kaydolduğunuz için teşekkürler!

Something went wrong.

Leave a Comment

Echelon Infostealer Drops in via Telegram

2 min