Let's look into the issue you mentioned first. To quote the article,
it contacts the threat actors using the publicly available Telegram Bot API and operates as a Telegram bot, using the public API to communicate with its creators.
it means that it's not about Telegram security; the malware in question just uses Telegram to communicate with its operators by publicly available means (that is API created by Telegram for bots). The Telegram account of victim of this malware won't be compromised by it either.
If you don't want to install anything, you can use the
web version of Telegram, besides CryptoPing doesn't ask for any personal information. Meanwhile we're working on adding the bot to more platforms.
Thanks for clarifying that. I had misread/misunderstood that page and thought that the particular trojan mentioned there used Telegram to spread.
However the Merkle seems to indicate that there's something else called RATAttack where...
The assailants first need to create their own proprietary telegram bot, which is relatively easy. The token generated by this bot needs to be edited into the RATs config file. Once someone interfaces with the bot, they will receive the RATAttack payload.
https://themerkle.com/open-source-remote-access-trojan-targets-telegram-users/Good to hear you're working on more platforms.