{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiggrejkwtnmlzqoq47dpzlezoesfnzwxwl6qj6jvrath23kqlvtjy",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mhdzpxhwuer2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifteqntpabl5is65tmrfwoodhtk3y2g7bcft4cildszmmpsmxgk6i"
    },
    "mimeType": "image/jpeg",
    "size": 81973
  },
  "path": "/fake-telegram-installer-site-pushes-malware-with-in-memory-execution-and-defender-bypass/",
  "publishedAt": "2026-03-18T13:59:42.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Fake Telegram installer site pushes malware with in-memory execution and Defender bypass",
    "VPN Central"
  ],
  "textContent": "A fake Telegram download site is distributing a Windows installer that looks legitimate but launches a multi-stage malware chain designed to weaken defenses and run its final payload directly in memory. Researchers at K7 Labs say the campaign uses the typosquatted domain telegrgam[.]com, along with other lookalike domains, to trick users into downloading a trojanized […]\n\nThe post Fake Telegram installer site pushes malware with in-memory execution and Defender bypass appeared first on VPN Central.",
  "title": "Fake Telegram installer site pushes malware with in-memory execution and Defender bypass"
}