A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices.
The installer is a compiled AutoIt script named “Telegram Desktop.exe” that drops two files: an actual Telegram installer and a malicious downloader.
While the legitimate Telegram installer dropped alongside the downloader isn’t executed, the AutoIt program does run the downloader (TextInputh.exe).