Gandalf_The_Grey
Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 6,593
A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices.
The installer is a compiled AutoIt script named "Telegram Desktop.exe" that drops two files, an actual Telegram installer, and a malicious downloader.
While the legitimate Telegram installer dropped alongside the downloader isn't executed, the AutoIT program does run the downloader (TextInputh.exe).
At this time, it is unknown how the malware is being distributed but similar malware campaigns impersonating legitimate software were distributed via YouTube videos, forum spam, and shady software sites.