Fake Telegram installer site pushes malware with in-memory execution and Defender bypass

A fake Telegram download site is distributing a Windows installer that looks legitimate but launches a multi-stage malware chain designed to weaken defenses and run its final payload directly in memory. Researchers at K7 Labs say the campaign uses the typosquatted domain telegrgam[.]com, along with other lookalike domains, to trick users into downloading a trojanized […] The post Fake Telegram installer site pushes malware with in-memory execution and Defender bypass appeared first on VPN Central.