Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/One-Click Telegram Flaw Exposes Real IP Addresses, Bypassing Proxies on Android and iOS
CyberSecurity News

One-Click Telegram Flaw Exposes Real IP Addresses, Bypassing Proxies on Android and iOS

Telegram’s mobile clients contain a stealthy flaw that enables attackers to unmask users’ real IP addresses with a single click. This vulnerability bypasses proxy protections, exposing even...

Jennifer sherman
Jennifer sherman
January 12, 2026 2 Min Read
28 0

Telegram’s mobile clients contain a stealthy flaw that enables attackers to unmask users’ real IP addresses with a single click. This vulnerability bypasses proxy protections, exposing even individuals attempting to conceal their location. Dubbed a “one-click IP leak,” it transforms seemingly innocuous username links into potent tracking weapons.

The issue hinges on Telegram’s automatic proxy validation mechanism. When users encounter a disguised proxy link, often embedded behind a username (e.g., t.me/proxy?server=attacker-controlled), the app pings the proxy server before adding it.

Crucially, this ping bypasses all user-configured proxies, routing directly from the victim’s device and exposing their true IP. No secret key is required, mirroring NTLM hash leaks on Windows, where authentication attempts betray the client.

Cybersecurity expert @0x6rss demonstrated an attack vector on X (formerly Twitter) and shared a proof-of-concept: a 1-click Telegram IP Leak. “Telegram auto-pings the proxy before adding it,” they noted. “Request bypasses all configured proxies. Your real IP is logged instantly.”

ONE-CLICK TELEGRAM IP ADDRESS LEAK!

In this issue, the secret key is irrelevant. Just like NTLM hash leaks on Windows, Telegram automatically attempts to test the proxy. Here, the secret key does not matter and the IP address is exposed.
Example of a link hidden behind a… https://t.co/KTABAiuGYI pic.twitter.com/NJLOD6aQiJ

— 0x6rss (@0x6rss) January 10, 2026

How the Attack Unfolds

Attackers craft malicious proxy URLs and mask them as clickable usernames in chats or channels. A targeted user clicks once, triggering:

  • Automatic proxy test: Telegram sends a connectivity probe to the attacker’s server.
  • Proxy bypass: The request ignores SOCKS5, MTProto, or VPN setups, using the device’s native network stack.
  • IP logging: Attacker’s server captures the source IP, geolocation, and metadata.

Both Android and iOS clients are vulnerable, affecting millions who rely on Telegram for privacy-sensitive communications. No user interaction beyond the click is needed; it’s silent and effective for doxxing, surveillance, or deanonymizing activists.

This flaw underscores risks in proxy-heavy apps amid rising state-sponsored tracking. Telegram, with over 950 million users, has yet to publicly patch it. Similar bypasses have plagued apps like Signal in the past.

Mitigations:

  • Disable auto-proxy detection in settings (if available).
  • Avoid clicking on unknown usernames/links.
  • Use firewall rules to block outbound proxy pings (e.g., via Little Snitch on iOS or AFWall+ on Android).
  • Monitor for patches via Telegram’s changelog.

Researchers urge immediate fixes. Telegram did not respond to requests for comment by press time.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityPatchSecurityVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Hackers Infiltrated n8n’s Community Node Ecosystem With a Weaponized npm Package

Next Post

Malicious Chrome Extension Steals Wallet Login Credentials and Enables Automated Trading

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us