Malware Popups on Telegram
Telegram channels and bots distribute links that trigger malware-style popup alerts in browsers, convincing victims to download malicious software or call fraudulent support numbers.
Part of: Malware Popups
Last reviewed: 1 June 2026
Malware popup scams on Telegram use the platform's file and link sharing to deliver pages that display alarming security alerts in the victim's browser. The alert claims the device is infected, a virus has been detected, or the device is being hacked, and provides a phone number or download button to 'resolve' the issue immediately.
Telegram's trusted-messenger status in some communities causes users to lower their guard when clicking links shared in what they believe are legitimate groups, increasing the click-through rate on malicious links compared to cold email.
How this scam works on Telegram
A Telegram channel or group post shares a link described as a useful tool, free resource, or news article. When clicked on a mobile or desktop browser, the page opens a full-screen popup with urgent warning language, blaring sound, and a prominent phone number or download button. The popup is designed to prevent the user from closing the browser tab normally.
Users who call the number reach a 'tech support' operator who guides them through installing remote-access software, ultimately taking over the device. Users who click the download button install malware that may log keystrokes, steal credentials, or enrol the device in a botnet.
Some Telegram bots automate the link distribution, sending the malicious URL to thousands of contacts simultaneously after harvesting phone numbers.
Common red flags
- Telegram link that opens a full-screen browser alert claiming device infection
- Alert that plays audio or prevents normal browser navigation
- Phone number displayed on the alert page as the only resolution path
- Download button offering a 'security tool' or 'virus remover'
- Telegram bot or channel that sends unsolicited links to users who have not requested them
- Link shared in a group with an urgent description designed to encourage immediate clicking
How to protect yourself
- Close any browser popup immediately using keyboard shortcuts (Alt+F4 or force-quitting the browser app) rather than clicking anything on the page
- Understand that legitimate security software does not alert you through browser popups with phone numbers
- Do not call any number displayed in a browser alert
- Do not download software prompted by a browser alert page
- Report the Telegram account or channel distributing the link
- Run a trusted security scan on your device if you believe you may have downloaded something
How to report it
- Report the Telegram account or channel using the in-app 'Report' function and select 'Harmful content'
- Submit the malicious URL to your national cybersecurity authority's phishing or malware reporting tool
- Report to your device's security app provider if malware was detected
Frequently asked questions
Why can I not close the browser tab when a malware popup appears?
Malware popup pages use JavaScript to block standard close actions, display dialog boxes that prevent navigation, or enter browser fullscreen mode. Force-quit the entire browser application using your device's task manager or app switcher rather than trying to close the individual tab.