KEY POINTS

  • Attackers have a new way of stealing crypto users' funds using Telegram
  • They use a lure built on a familiar pain point in the crypto industry: exchange fees
  • Attackers also supply accurate data and display an in-depth understanding of the crypto industry

A new report from Microsoft's security team cautioned cryptocurrency holders and revealed that cybercriminals have devised a clever way to compromise crypto users' systems and accounts via Telegram chat.

At a time when the crypto industry is already troubled, Microsoft's security experts discovered that cybercriminals have found a new way to victimize unsuspecting crypto holders.

Attackers have reportedly infiltrated various Telegram chat groups by posing as representatives of centralized crypto exchange (CEX) platforms such as Binance, Huobi and OKX. Users are likely to be taken in by the ploy, since these cybercriminals display in-depth knowledge of exchanges, fee structures and other details that staff at CEX platforms typically know.

The attackers' pitch is also very attractive to crypto holders, especially wealthy traders and those managing investment funds. Centralized crypto exchanges charge trading fees on every transaction on their platform (these are separate from the on-chain "gas" fees paid to a blockchain network), and when substantial volumes are traded those fees become significant, which makes an offer to compare fee structures across exchanges a compelling lure.

After gaining the target's trust, the attackers convince the victim to download a weaponized Excel file. The file, titled "OKX Binance & Huobi VIP fee comparision.xls" (the misspelling is in the attackers' own file name), contains what Microsoft describes as likely accurate data, which increases the attackers' credibility.

"The threat actor has a broad knowledge of the cryptocurrency industry as well as the challenges their targets may face, increasing the sophistication of the attack and their chance of success," Microsoft said in a blog post. "The threat actor used Telegram, an app widely used in the field, to identify the profile of interest, gained the target's trust by discussing relevant topics, and finally sent a weaponized document that delivered a backdoor through multiple mechanisms," it added.

While the file appears harmless, it is loaded with malicious code. Opening it installs a backdoor, a type of malware that gives the attacker remote access to the system while bypassing normal authentication. From there the attacker can take over the victim's machine, steal login credentials and drain the owner's digital wallets and exchange accounts.
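Whatever the exact delivery mechanism used in this campaign (the article does not detail it), a legacy .xls is an OLE compound file, and one concrete check a recipient or a mail/chat gateway can run before the file is ever opened in Excel is to list the storages in that container and look for a VBA project. The following is an added example, not code from Microsoft's report or from the campaign; the minimal OLE directory walker and the constructed sample container are assumptions made here for illustration, and the sample is not a real workbook.

```python
import struct

OLE_SIG = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ENDOFCHAIN = 0xFFFFFFFE
FREESECT = 0xFFFFFFFF
FATSECT = 0xFFFFFFFD
# Directory names that indicate a VBA project inside an Office OLE file
# (Excel uses the _VBA_PROJECT_CUR storage, Word uses Macros).
VBA_MARKERS = {"_VBA_PROJECT_CUR", "Macros", "VBA", "_VBA_PROJECT"}


def _read_chain(data, fat, start, sector_size):
    """Concatenate the sectors of a FAT chain, stopping on end-of-chain or loops."""
    out, sec, seen = [], start, set()
    while sec != ENDOFCHAIN and sec < len(fat) and sec not in seen:
        seen.add(sec)
        off = (sec + 1) * sector_size          # sector 0 starts right after the 512-byte header
        out.append(data[off:off + sector_size])
        sec = fat[sec]
    return b"".join(out)


def ole_directory_names(data):
    """Return the names of all used directory entries (storages and streams).

    Only the 109 FAT-sector pointers held in the header are followed, which covers
    files up to roughly 6.8 MB with 512-byte sectors; larger files would need the
    DIFAT chain as well (assumption: fine for a pre-open attachment check).
    """
    if data[:8] != OLE_SIG:
        raise ValueError("not an OLE compound file")
    sector_size = 1 << struct.unpack_from("<H", data, 30)[0]
    num_fat, first_dir = struct.unpack_from("<II", data, 44)
    difat = struct.unpack_from("<109I", data, 76)
    fat = []
    for sec in difat[:num_fat]:
        fat.extend(struct.unpack_from("<%dI" % (sector_size // 4), data, (sec + 1) * sector_size))
    directory = _read_chain(data, fat, first_dir, sector_size)
    names = []
    for i in range(0, len(directory) - 127, 128):     # one 128-byte entry at a time
        entry = directory[i:i + 128]
        name_len, obj_type = struct.unpack_from("<HB", entry, 64)
        if obj_type == 0 or name_len < 2:                 # unused entry
            continue
        names.append(entry[:name_len - 2].decode("utf-16-le"))   # strip UTF-16 NUL
    return names


def has_vba_project(data):
    """True if the container carries a VBA project; False means only that no macros were found."""
    return any(name in VBA_MARKERS for name in ole_directory_names(data))


def _dir_entry(name, obj_type, child=FREESECT):
    raw = name.encode("utf-16-le") + b"\x00\x00"
    e = bytearray(128)
    e[:len(raw)] = raw
    struct.pack_into("<HBB", e, 64, len(raw), obj_type, 1)   # name length, type, colour
    struct.pack_into("<III", e, 68, FREESECT, FREESECT, child)
    struct.pack_into("<IQ", e, 116, ENDOFCHAIN, 0)          # no stream data in the sample
    return bytes(e)


def build_sample_xls(with_macros):
    """Constructed sample: header + one FAT sector + one directory sector (not a real workbook)."""
    hdr = bytearray(512)
    hdr[:8] = OLE_SIG
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)   # version 3, 512-byte sectors
    struct.pack_into("<II", hdr, 44, 1, 1)                     # 1 FAT sector, directory at sector 1
    struct.pack_into("<I", hdr, 56, 4096)
    struct.pack_into("<II", hdr, 60, ENDOFCHAIN, 0)            # no mini FAT
    struct.pack_into("<II", hdr, 68, ENDOFCHAIN, 0)            # no external DIFAT
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))  # FAT lives in sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    entries = [_dir_entry("Root Entry", 5, child=1), _dir_entry("Workbook", 2)]
    if with_macros:
        entries.append(_dir_entry("_VBA_PROJECT_CUR", 1))
    while len(entries) < 4:
        entries.append(bytes(128))
    return bytes(hdr) + fat + b"".join(entries)


if __name__ == "__main__":
    for flag in (True, False):
        print(ole_directory_names(build_sample_xls(flag)), "macros:", has_vba_project(build_sample_xls(flag)))
```

A positive result is a hard stop: a fee-comparison spreadsheet has no legitimate need for a VBA project. A negative result is not a clean bill of health, since Office documents can carry payloads through other routes than macros, and the article itself notes that the backdoor was delivered "through multiple mechanisms"; the safer default remains the one in the advice below, which is not to open files received this way at all.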

[Representative image. Credit: Pixabay]

Microsoft's security experts warned that the cybercriminals may have run other similar campaigns and advised users to always exercise caution online. Changpeng Zhao, co-founder and CEO of Binance, also alerted the cryptocurrency world on Tuesday, saying "don't download files" in a tweet.

"Compromised friends may send a weaponized Excel file with the name 'exchange fee comparision.xls'. It contains malicious code, encoded backdoor, etc.," the crypto executive added.