-
Cybercriminals are hiding malware inside Telegram file attachments to steal passwords, take over accounts, and control computers.
-
Cambodian officials say Telegram account hijacking cases have increased as attackers trick users into opening harmful files.
-
Experts urge users to avoid unknown attachments, check file types carefully, and secure their accounts before it is too late.
Opening a file through Telegram may seem harmless. However, Cambodian officials now warn that a single click could hand cybercriminals full access to a person’s computer and online accounts.
Authorities say attackers are sending malware through Telegram and other messaging services. They disguise the harmful files as normal documents. Once a victim opens the attachment, the malware quietly infects the device.
The warning follows a recent rise in Telegram account theft across Cambodia. Officials say attackers now use these stolen accounts for many online scams. On July 11, Cambodia’s Minister of Post and Telecommunications, Chea Vandeth, urged people to stay alert when receiving files through messaging platforms.
According to the minister, users should avoid opening files with extensions such as .exe, .vbs, .bat, .sh, .ps1, .scr, and .msi unless they fully trust the sender. These file types can carry malware that steals banking details, passwords, and other sensitive information.
They can also let criminals control a victim’s computer from another location. He also advised users to accept files only from trusted contacts, check every file extension before opening an attachment, avoid clicking “Run” or “Install” unless they know the source, and keep antivirus software updated.
Telegram account theft continues to rise
Cambodia’s General Department of Digital Technology and Education Dissemination says it has recorded a sharp increase in Telegram account hijacking attempts. Department spokesperson Iv Veasna said attackers now focus on Telegram accounts connected to desktop computers. They often spread malware by hiding it inside files that appear safe.
The rise in attacks coincides with revelations that Telegram exposes device identifiers, potentially enabling user tracking.
According to Veasna, this attack method is not new. However, criminals now rely on Telegram’s growing user base to reach more victims. Investigations also suggest that many of these campaigns come from outside Cambodia.
He also pointed to findings from cybersecurity firm Kaspersky. According to the company, hijacked Telegram (TG) accounts often become tools for investment fraud, job fraud, fake technical aid schemes, impersonation attacks, malicious link distribution, and fake online advertisements.
The stolen accounts also help criminals appear trustworthy. Friends and family often believe messages because they come from someone they already know. That makes these attacks even more dangerous.
Criminals now customize their tricks for Cambodian users
Information tech as well as digital security veteran, Chy Sophat, stated the government’s alert comes at a time when cybercriminals are becoming far more aggressive. He explained that opening one of these harmful files can cause much more than losing access to Telegram.
According to Sophat, a single attachment can infect a computer with malware, expose private information, and even spread the infection to other users. He also said attackers appear to be changing their methods to fool Cambodian victims more easily.
One detail stood out during his review. According to Sophat, many scammers now write their messages in Khmer and give their files Khmer names. These changes make the attachments look genuine and increase the chances that people will open them.
Many users also save passwords and other private information inside Telegram conversations. That habit creates another risk. Sophat explained that once criminals break into a Telegram account, they can collect personal information and stored passwords. They may then use those details to enter other online accounts for financial gain or other criminal activities.
Officials share recovery steps for victims
Veasna said anyone who loses access to a Telegram account should first try signing in from a device that was previously used with the account. Users should then request an SMS verification code. If that does not work, they can use Telegram’s feature for password recovery with their registered email and phone number.
However, officials also warned that support responses may sometimes be limited. Authorities also outlined several steps for anyone who has already opened a suspicious attachment. Users should immediately close any unknown Telegram sessions, change their Two-Step Verification password, and scan their computer for malware. They should also sign out of banking services and other important online accounts until they know their device is clean.
If necessary, they should reinstall the computer’s operating system to completely remove the malicious software. Officials also urged victims to report any accounts used for impersonation, money scams, or online fraud.
Reports can be made to the National Police or the nearest provincial police office. Additional help is available through the National Police hotline, 117. The recent warning highlights how a simple file attachment can quickly become a serious cybersecurity threat.
A message from a familiar contact does not always mean it is safe. Checking the sender, reviewing the file extension, and avoiding unknown downloads could stop an attack before it begins. For many users, those few extra seconds may be the difference between staying secure and losing control of their digital lives.