👁 Your Telegram is no longer yours

⚫️ A wave of sophisticated attacks on Telegram accounts is growing in the community. Attackers use social engineering and technical vulnerabilities to completely hijack accounts. Those who conduct business or interact with cryptocurrencies via the messenger are at increased risk. In the #antiscam section, we retell a recent post by Dr. Awesome Doge.

⚫️ Stage 1: Social engineering disguised as business meetings
It all starts with an attacker posing as an investor, recruiter, or journalist (it all depends on the scammer's imagination, the list can be wider) and offering an urgent video conference on Zoom. You are sent a link to an "installation file," which is actually a Trojan program.

⚫️ Stage 2: Telegram session theft
Malicious software silently copies the /tdata folder from your computer — it stores cryptographic keys for your Telegram session. Having obtained them, the attacker can log into your account from any device, bypassing SMS authentication.

⚫️ Stage 3: Using the 24-hour security rule
In Telegram, new sessions have limited rights for the first 24 hours. Attackers take advantage of this: they terminate your current session, you are forced to log in again — now your session is "new" and limited, while they retain the "old" one with full rights. After 24 hours, they gain full control and the ability to change the mobile number for logging into the account.

⚫️ Stage 4: Permanent access via Auth Key
Even if you change your password or enable two-factor authentication, the stolen Auth Key remains valid. This is a fundamental vulnerability of Telegram — the key is not updated and is not tied to the device.

⚫️ If the account has already been compromised, you should act immediately. Go to Telegram settings and terminate all sessions except the current one. Then enable two-factor authentication with the most reliable password — but remember that this does not invalidate the old Auth Key. A radical but sure step is to change the phone number in the account. This will guaranteed invalidate all previous session keys.

⚫️ Finally, we note that the basis of protection is digital hygiene. Never download software from suspicious sources, especially from chats with strangers. Develop a habit of checking active sessions at least once a week. And for confidential conversations, try to use only secret chats — they are not stored on servers and are protected by end-to-end encryption.

@thedailyton