Infostealer Echelon Targets Cryptocurrency Telegram Channels
Cybercriminals are distributing the Echelon infostealer through Telegram channels dedicated to cryptocurrency topics. According to researchers from SafeGuard Cyber Division Seven, attackers are using a Telegram account with the identifier “Smokes Night” to spread this malicious software. The main goal of Echelon is to steal users’ login credentials for cryptocurrency wallets and other accounts.
How the Attack Works
The attackers specifically target subscribers of Telegram channels focused on digital currencies. Experts report that the Echelon malware is posted directly in these channels, rather than being sent in response to specific messages. This approach allows the malware to reach a wide audience, especially new or inexperienced subscribers who may be more likely to fall for the scam.
What Echelon Steals
In addition to cryptocurrency wallets such as AtomicWallet, BitcoinCore, ByteCoin, Exodus, Jaxx, and Monero, Echelon also targets credentials for:
- Discord
- Edge
- FileZilla
- OpenVPN
- Outlook
- Telegram itself
Coordinated Cyber Campaign
Researchers describe this as a well-coordinated cyber campaign, primarily targeting new or naive subscribers of cryptocurrency-related Telegram channels. It is still unclear how successful the campaign has been overall. The attackers do not engage in conversations or respond to messages; they simply post the malicious file in the chat.
Potential Impact
So far, there have been no public complaints from users about this file, but experts warn that this does not mean the malware has failed to achieve its purpose. Users of cryptocurrency Telegram channels should remain vigilant and avoid downloading suspicious files posted in chats.