Telegram mobile clients proxy-link IP disclosure security flaw
Vulnerability
Summary
Researchers demonstrated that Telegram mobile clients on Android and iOS can leak a user's real IP address when a disguised proxy link is tapped. The clients automatically perform a proxy test connection before the proxy is added, creating a path for targeted deanonymization. Telegram says it will add warnings for proxy links, but the exposure is still triggered by a single click.
Related Happenings
Roskomnadzor blocks WhatsApp in Russia
Public Sector Action
First: 13.02.2026 00:57
Last: 13.02.2026 00:57
Sources 1
About this happening:
**Roskomnadzor** is trying to **block WhatsApp** in **Russia**, escalating restrictions on communication platforms and limiting access for users who rely on the service. The move...
Telegram proxy-link warning rollout
Advisory/Mitigation
First: 12.01.2026 18:20
Last: 12.01.2026 18:20
Sources 1
How related:
That said, we're adding a warning that will show when clicking proxy links so users can be more aware of disguised links.
About this happening:
**Telegram** is adding a **warning for proxy links** after clicks on disguised links were shown to expose users' **real IP addresses**. The mitigation targets **Android and iOS**...
AI-assisted Truman Show investment fraud campaign
Campaign
First: 09.01.2026 13:00
Last: 09.01.2026 13:00
Sources 1
About this happening:
The **Truman Show** operation is an **AI-assisted investment fraud campaign** that uses **fake personas** and **attacker-controlled infrastructure** to lure victims into crypto sc...
Android tap-to-pay malware relays NFC card data for fraudulent payments
Malware Activity
First: 07.01.2026 18:00
Last: 07.01.2026 18:00
Sources 1
About this happening:
A wave of **Android tap-to-pay malware** is enabling **unauthorized contactless payments** by relaying **NFC card data** from victims’ phones to criminal devices. The operation us...
UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware
Campaign
First: 05.01.2026 19:56
Last: 05.01.2026 19:56
Sources 1
About this happening:
**UAC-0184** has shifted to **Viber-delivered malware** to target **Ukrainian military and government entities**, extending an active **2025** espionage operation. The initial lur...
Timeline
- 12.01.2026 18:20 · 2 articles · 4mo ago
Telegram proxy links expose real IPs and prompt warning plan
Initial Disclosure
Researchers demonstrated that Telegram clients on Android and iOS automatically attempt a proxy connection when a user taps a disguised internal link, allowing the proxy operator to log the user's real IP address before any proxy is added. The issue was surfaced through the Russian-language Telegram channel chekist42, widened by GangExposed RU, and further demonstrated by 0x6rss with a video PoC, after which Telegram said it will add warnings when users click proxy links.
Sources:
- Hidden Telegram proxy links can reveal your IP address in one click — www.bleepingcomputer.com — 12.01.2026 18:20
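A defensive check for the disguised-link case described in the timeline entry above, as an added example that is not from the original page or from Telegram: it flags message links whose visible label does not show that the target is a Telegram proxy link. The link forms (`t.me/proxy`, `t.me/socks`, `tg://proxy`, `tg://socks`) are not given on this page and are an assumption here; the function names and sample data are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed link forms (not from the page): t.me/proxy, t.me/socks, tg://proxy, tg://socks
PROXY_HOSTS = {"t.me", "telegram.me"}
PROXY_ACTIONS = {"proxy", "socks"}

def parse_proxy_link(url):
    """Return kind/server/port if url is a Telegram proxy link, else None."""
    url = url.strip()
    if ":" not in url.split("/", 1)[0]:
        url = "https://" + url          # bare "t.me/proxy?..." style label
    try:
        parts = urlsplit(url)
    except ValueError:                  # malformed text cannot be a valid link
        return None
    scheme, action = parts.scheme.lower(), ""
    if scheme == "tg":
        action = parts.netloc or parts.path.lstrip("/")
    elif scheme in ("http", "https") and (parts.hostname or "").lower() in PROXY_HOSTS:
        action = parts.path.strip("/")
    if action.lower() not in PROXY_ACTIONS:
        return None
    query = parse_qs(parts.query)
    return {"kind": action.lower(), "server": query.get("server", [""])[0],
            "port": query.get("port", [""])[0]}

def find_disguised_proxy_links(entities):
    """entities: (visible_text, href) pairs. Return proxy links hidden by their label."""
    findings = []
    for text, href in entities:
        target = parse_proxy_link(href)
        if target is None:
            continue                    # not a proxy link at all
        if parse_proxy_link(text) == target:
            continue                    # label shows the same proxy target
        findings.append({"label": text, **target})
    return findings

# Constructed sample input (documentation addresses, placeholder secret).
SAMPLE = [
    ("Open profile", "https://t.me/proxy?server=203.0.113.10&port=443&secret=ee00"),
    ("t.me/proxy?server=proxy.example.net&port=443&secret=ee00",
     "https://t.me/proxy?server=proxy.example.net&port=443&secret=ee00"),
    ("Channel rules", "tg://socks?server=198.51.100.7&port=1080"),
    ("https://example.org/news", "https://example.org/news"),
]
for f in find_disguised_proxy_links(SAMPLE):
    print(f"disguised {f['kind']} link: {f['label']!r} -> {f['server']}:{f['port']}")
```

A gateway or moderation bot can run this over the link entities of incoming messages and warn or strip the link before a user taps it.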