The Proxy Trap: Single Click on Telegram Can Unmask Your Real IP Address
A single click on a hyperlink in Telegram can result in the inadvertent disclosure of one's real IP address, even when the user believes they are shielded by a proxy. Security researchers have identified a vulnerability that triggers autonomously, requiring no further intervention from the victim beyond that initial interaction.
The crux of the issue lies in the way Telegram handles proxy-server hyperlinks. Upon opening such a link, the messaging client unilaterally attempts to verify that the proxy is reachable. At that moment the application establishes a direct connection to the specified server, thereby exposing the user's genuine IP address. Notably, the cryptographic secret typically embedded in such links offers no protection against this leak: it only keys the proxy session, and the reachability check happens regardless.
This vulnerability is particularly insidious because the malicious link can be masqueraded as a benign username. While it appears innocuous to the naked eye, a single click initiates the proxy verification and precipitates the leakage of network metadata. The maneuver mirrors NTLM hash leakage on Windows, where the operating system silently initiates a network request without the user's awareness.
The attack relies on Telegram's standard proxy-configuration link format, https://t.me/proxy?server=[IP]&port=[PORT], allowing an adversary to substitute the address and port of a server they control. Such a link is easily camouflaged behind a pseudonym or a seemingly legitimate web address; for instance, a mention of a popular account may secretly point to a malicious proxy endpoint. Upon interaction, Telegram's automatic verification performs an immediate handshake with the specified server, disclosing the user's network identity and, by extension, their approximate geographic location.
From the victim's perspective, the transition is seamless, with no cautionary prompt or confirmation request, which significantly enhances the efficacy of the stratagem. This vulnerability affects Telegram clients on both Android and iOS. For users who rely on the platform for anonymity or the handling of sensitive matters, this represents a formidable threat to their privacy.
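Defenders moderating channels, running bots, or reviewing exported chat logs can flag these links before anyone clicks them. The following is an added example, not code from the article or from Telegram: it parses the https://t.me/proxy?server=...&port=... format described above (and, as an assumption that goes slightly beyond the article, the equivalent tg://proxy deep-link form with the same query keys), then walks a message's link entities in the shape used by Telegram's Bot API (type/offset/length, plus url for text_link) to catch a proxy link hidden behind innocuous text such as a channel mention. The sample messages and the 203.0.113.x / proxy.example addresses are constructed for the example.

```python
"""Flag Telegram proxy-configuration links in a message, including ones
disguised behind harmless-looking link text.  Added example; not Telegram code."""
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Entities follow the Telegram Bot API MessageEntity shape (type, offset,
# length, and "url" for text_link).  Real offsets are UTF-16 code units; the
# constructed samples here are ASCII, so plain str indexing is equivalent.


def parse_proxy_link(url):
    """Return proxy details if `url` is a Telegram proxy link, else None.

    Recognises https://t.me/proxy?server=..&port=.. (the form in the article)
    and tg://proxy?server=..&port=.. (assumed equivalent deep link).
    """
    url = url.strip()
    if "://" not in url:  # bare "t.me/..." the way Telegram auto-links it
        url = "https://" + url
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/")
    is_tme = scheme in ("http", "https") and host in ("t.me", "www.t.me") and path == "/proxy"
    is_deep = scheme == "tg" and host == "proxy" and path == ""
    if not (is_tme or is_deep):
        return None
    q = parse_qs(parts.query)
    server = q.get("server", [""])[0].strip()
    try:
        port = int(q.get("port", [""])[0])
    except ValueError:
        return None
    if not server or not 1 <= port <= 65535:
        return None
    try:
        ipaddress.ip_address(server)
        server_is_ip = True
    except ValueError:
        server_is_ip = False  # a hostname the attacker resolves later
    return {
        "url": url,
        "server": server,
        "port": port,
        "server_is_ip": server_is_ip,
        # The secret only keys the proxy session; per the article it does not
        # stop the reachability check that exposes the client's IP.
        "has_secret": bool(q.get("secret", [""])[0]),
    }


def scan_message(text, entities):
    """Return one finding per proxy link in the message's link entities."""
    findings = []
    for ent in entities:
        visible = text[ent["offset"]:ent["offset"] + ent["length"]]
        if ent["type"] == "text_link":
            target = ent["url"]          # what a click actually opens
        elif ent["type"] == "url":
            target = visible             # link text is the URL itself
        else:
            continue
        info = parse_proxy_link(target)
        if info is None:
            continue
        info["visible_text"] = visible
        # Disguised: the text the user sees is not itself a proxy link
        # (e.g. "@example_channel" covering a t.me/proxy target).
        info["disguised"] = ent["type"] == "text_link" and parse_proxy_link(visible) is None
        findings.append(info)
    return findings


def describe(findings):
    """Human-readable lines for a moderation log or bot reply."""
    return [
        f"{'DISGUISED ' if f['disguised'] else ''}proxy link -> {f['server']}:{f['port']} "
        f"(shown as {f['visible_text']!r}, secret={'yes' if f['has_secret'] else 'no'})"
        for f in findings
    ]


def _entity(text, visible, kind, url=None):
    """Build a Bot-API-style entity for the constructed samples below."""
    ent = {"type": kind, "offset": text.index(visible), "length": len(visible)}
    if url is not None:
        ent["url"] = url
    return ent


# Constructed sample: a mention that secretly opens a proxy link, plus a
# plainly visible proxy link pointing at a hostname rather than an IP.
SAMPLE_TEXT = ("Hey, check out @example_channel for updates. "
               "Config: t.me/proxy?server=proxy.example&port=1080")
SAMPLE_ENTITIES = [
    _entity(SAMPLE_TEXT, "@example_channel", "text_link",
            url="https://t.me/proxy?server=203.0.113.5&port=443&secret=dd" + "00" * 16),
    _entity(SAMPLE_TEXT, "t.me/proxy?server=proxy.example&port=1080", "url"),
]
# Constructed benign message: an ordinary channel link must not be flagged.
BENIGN_TEXT = "Official channel: https://t.me/example_channel"
BENIGN_ENTITIES = [_entity(BENIGN_TEXT, "https://t.me/example_channel", "url")]

if __name__ == "__main__":
    for line in describe(scan_message(SAMPLE_TEXT, SAMPLE_ENTITIES)):
        print(line)
```

The useful signal is the combination of a proxy target with the disguised flag: a visible "@example_channel" whose click target is a t.me/proxy URL is exactly the masquerade the article describes, and a moderation bot can delete or quarantine such messages before members interact with them. Checking server_is_ip is a secondary cue, since a hostname lets the operator change the collecting server without editing the link.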
As of yet, the Telegram development team has issued no formal response. Users are urged to exercise extreme vigilance when encountering any link pertaining to proxy settings, even one masquerading as a conventional profile or arriving in a message from an ostensibly familiar account.