As for the Telegram bot, it's indeed included in the distribution, but it's an optional component. The user needs to install and run it themselves if they want to receive notifications in Telegram.

There's no miner in there, but a lot of cryptography is used—practically all communication between the core (which interacts with exchange servers) and the graphical client is encrypted using AES-256. Additionally, some exchanges require the use of RSA cryptography for signing all requests.

Why these three antivirus programs decided there was something suspicious—it's worth checking with them. We believe it's a false positive. The most paranoid antivirus programs (like Kaspersky/DrWeb) didn't find anything alarming in the binaries.

All binaries are signed with an EV certificate, which isn't easy to obtain. If this were an actual trojan or miner, the certificate would have been revoked long ago.