Community Intel & Discussions
⚠️ Security Alert: Man-in-the-Middle (MITM) Risk via Unofficial Client
Risk Category: High-Risk Third-Party Software / Data Interception
URLert.com has classified telega.me as a significant security risk to Telegram users. While marketed as a stable, VPN-free alternative to the official Telegram messenger, technical analysis and community reports indicate that this client is actively compromising user privacy through sophisticated interception techniques.
Specific Findings & Risks:
- Active MITM Attacks: Since March 2026, the application has been observed performing Man-in-the-Middle (MITM) attacks. The client redirects traffic from legitimate Telegram Data Centers (DCs) to malicious proxies controlled by the operator.
- Credential & Session Theft: By intercepting the auth_key during the connection process, the operators gain full access to the user's Telegram account, including private messages, media, and contacts.
- Weakened Encryption: The application utilizes unauthorized RSA keys and has been found to disable Perfect Forward Secrecy (PFS) by default, ensuring that all traffic can be recorded and decrypted by the service providers.
- Malicious Distribution: Recent reports indicate the domain has been used to distribute executable files (.exe) via complex redirect chains, increasing the risk of secondary malware infections.
- Administrative Control: The operators possess the capability to read, alter, or block messages and perform unauthorized actions on behalf of the user.
Recommendation: URLert.com strongly advises against using the Telega client or entering Telegram credentials on any site associated with telega.me. If you have used this application, immediately terminate all active sessions via the official Telegram app (Settings > Devices), enable Two-Step Verification (2FA), and uninstall the Telega software from all devices.
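A defender-side check for the DC substitution described in the findings above, as an added example that is not part of the URLert report: it scans connection-log lines for messenger processes whose destination falls outside Telegram's address ranges. The log format, process names and sample lines are constructed, and the range list is an assumed snapshot to refresh from Telegram's published ranges.

```python
import ipaddress

# Assumed snapshot of Telegram's IPv4 ranges (not from the page);
# refresh from Telegram's published list before relying on it.
TELEGRAM_NETS = [ipaddress.ip_network(n) for n in (
    "149.154.160.0/20", "91.108.4.0/22", "91.108.8.0/22",
    "91.108.12.0/22", "91.108.16.0/22", "91.108.56.0/22",
)]

# Constructed sample: "<time> <process> <dst_ip>:<dst_port>" per line.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges;
# the process names are hypothetical.
SAMPLE_LOG = """\
2026-03-20T10:00:01Z telegram-desktop 149.154.167.51:443
2026-03-20T10:00:02Z telega 203.0.113.10:443
2026-03-20T10:00:03Z telega 91.108.56.130:443
2026-03-20T10:00:04Z browser 198.51.100.7:443
2026-03-20T10:00:05Z telega not-an-ip:443
"""

def is_telegram_ip(ip_text):
    """True if ip_text parses and falls inside an allowlisted range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TELEGRAM_NETS)

def flag_foreign_dc(log_text, client_names):
    """Return (time, process, dst) for messenger connections whose
    destination is outside the allowlist or cannot be parsed."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        # Skip malformed lines and processes that are not messengers.
        if len(parts) != 3 or parts[1] not in client_names:
            continue
        ip_text, _, _port = parts[2].rpartition(":")
        if not is_telegram_ip(ip_text):
            flagged.append((parts[0], parts[1], parts[2]))
    return flagged

if __name__ == "__main__":
    for hit in flag_foreign_dc(SAMPLE_LOG, {"telegram-desktop", "telega"}):
        print("outside Telegram ranges:", *hit)
```

A hit is a lead for investigation rather than proof, since a user-configured proxy also produces destinations outside these ranges.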
Community Security Report
Reported URL: https://x.telega.me/r/c/l4lc68
Threat Type: MALWARE
User Observation: Telega is an alternative Telegram client promoted in Russia and closely associated with VK LLC. Since March 18, Telega has been carrying out a MITM attack on its users. The client requests (via Telega API) a list of IPs of Telega DCs in order to replace the IPs of legitimate Telegram DCs with them. This provides the attacker with complete access to users' Telegram accounts.
Verified community report submitted via URLert.
URL: https://x.telega.me/r/c/l4lc68
User Assessment: Dangerous
AI Verdict: SUSPICIOUS (60% confidence)
Analysis: This link leads to a download of an executable file after several redirects, which can be risky if the source is not trusted.
Key Findings:
- The link redirects through multiple sites before reaching the final download.
- The final destination is a download of an executable file (.exe).
- The initial domain 'telega.me' is not directly associated with the final download source 'githubusercontent.com'.
User Comment: Telega is an alternative Telegram client promoted in Russia and closely associated with VK LLC. Since March 18, Telega has been carrying out a MITM attack on its users. The client requests (via Telega API) a list of IPs of Telega DCs in order to replace the IPs of legitimate Telegram DCs with them. This provides the attacker with complete access to users' Telegram accounts.