The discussion concerns disguised proxy links that automatically compel the messenger client to “call” an attacker’s server and reveal the victim’s location.
How does the threat operate?
A specially crafted link of the format t.me/proxy?… is masked as a typical username (for instance, @username).
Upon tapping it in the Telegram mobile application, it automatically and unnoticed by the user attempts to connect to the specified proxy server to check its availability.
The owner of this server instantly receives and logs the victim’s real IP address, which can lead to their de-anonymization, location determination, or serve as the initial step for a targeted attack.
Why is this perilous?
This vulnerability poses a particular danger to journalists, activists, and everyone who utilizes Telegram and proxies specifically for maintaining anonymity. A single click on a link in a trusted chat can negate all precautions.
Telegram’s Reaction and Advice
The messenger’s developers do not consider the situation a unique flaw, yet they have vowed to introduce a warning when navigating such links. While the update is pending, experts advise exercising extreme caution and avoiding clicks on suspicious t.me links, especially on mobile devices.
About the Author
