Telegram proxy-link warning rollout
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Telegram is adding a warning for proxy links after clicks on disguised links were shown to expose users' real IP addresses. The mitigation targets Android and iOS clients, where a tapped t.me/proxy link can trigger an automatic proxy test before any confirmation. The added prompt is meant to reduce targeted deanonymization and abuse from attacker-controlled proxies.
Related Happenings
India's Ministry of Electronics and Information Technology NEET-UG 2026 Delhi High Court Warned Telegram and imposed a nationwide block for June 18 affidavit block ahead of the
Public Sector Action
H score27
First: 18.06.2026 15:18
Last: 18.06.2026 15:18
Sources 1
About this happening:
**India's government** warned **Telegram** and imposed a **nationwide block** tied to alleged **NEET-UG 2026** exam-paper leaks, restricting access to the platform and leak-relate...
India's Ministry of Electronics and Information Technology NEET-UG 2026 Delhi High Court Warned Telegram and imposed a nationwide block for June 18 affidavit block ahead of the
Public Sector ActionAbout this happening: **India's government** warned **Telegram** and imposed a **nationwide block** tied to alleged **NEET-UG 2026** exam-paper leaks, restricting access to the platform and leak-relate...
Telegram mobile clients proxy-link IP disclosure security flaw
Vulnerability
H score20
First: 12.01.2026 18:20
Last: 12.01.2026 18:20
Sources 1
How related:
Security researchers have demonstrated this week that Telegram clients on both Android and iOS automatically attempt to connect to a proxy when a user taps a specially crafted internal link.
About this happening:
Researchers demonstrated that **Telegram** mobile clients on **Android and iOS** can leak a user's **real IP address** when a disguised proxy link is tapped. The clients automatic...
Telegram mobile clients proxy-link IP disclosure security flaw
VulnerabilityHow related: Security researchers have demonstrated this week that Telegram clients on both Android and iOS automatically attempt to connect to a proxy when a user taps a specially crafted internal link.
About this happening: Researchers demonstrated that **Telegram** mobile clients on **Android and iOS** can leak a user's **real IP address** when a disguised proxy link is tapped. The clients automatic...
AI-assisted Truman Show investment fraud campaign
Campaign
H score33
First: 09.01.2026 13:00
Last: 09.01.2026 13:00
Sources 1
About this happening:
The **Truman Show** operation is an **AI-assisted investment fraud campaign** that uses **fake personas** and **attacker-controlled infrastructure** to lure victims into crypto sc...
AI-assisted Truman Show investment fraud campaign
CampaignAbout this happening: The **Truman Show** operation is an **AI-assisted investment fraud campaign** that uses **fake personas** and **attacker-controlled infrastructure** to lure victims into crypto sc...
Android tap-to-pay malware relays NFC card data for fraudulent payments
Malware Activity
H score30
First: 07.01.2026 18:00
Last: 07.01.2026 18:00
Sources 1
About this happening:
A wave of **Android tap-to-pay malware** is enabling **unauthorized contactless payments** by relaying **NFC card data** from victims’ phones to criminal devices. The operation us...
Android tap-to-pay malware relays NFC card data for fraudulent payments
Malware ActivityAbout this happening: A wave of **Android tap-to-pay malware** is enabling **unauthorized contactless payments** by relaying **NFC card data** from victims’ phones to criminal devices. The operation us...
UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware
Campaign
H score33
First: 05.01.2026 19:56
Last: 05.01.2026 19:56
Sources 1
About this happening:
**UAC-0184** has shifted to **Viber-delivered malware** to target **Ukrainian military and government entities**, extending an active **2025** espionage operation. The initial lur...
UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware
CampaignAbout this happening: **UAC-0184** has shifted to **Viber-delivered malware** to target **Ukrainian military and government entities**, extending an active **2025** espionage operation. The initial lur...
Timeline
-
12.01.2026 18:20 2 articles · 5mo ago
Telegram adds warnings for disguised proxy links
Mitigation Patch UpdateTelegram said it will add a warning when users click proxy links, after researchers showed that specially crafted links disguised as ordinary usernames or harmless URLs on Android and iOS can trigger an automatic proxy test and expose a user's real IP address to the proxy operator.
Show sources
- Hidden Telegram proxy links can reveal your IP address in one click — www.bleepingcomputer.com — 12.01.2026 18:20
- Hidden Telegram proxy links can reveal your IP address in one click — www.bleepingcomputer.com — 12.01.2026 18:20