It explains that the file that contains the malware is called "Present).rar", containing three files itself, one of which is the malicious element (present.exe). It seems to be a windows platform potential issue in this case (not Android/iPhone), and fortunately little extended.
The auto download feature should probably be disabled for safety per se, and thus allow the user for a more granular and attention based approach. Since the file is a .rar, and then you require executing the enclosed .exe, I don’t believe that happens on its own as an automatic corollary to the download process. Rather more, I figure, It should be the user that initiates this latter procedure, although the OP’s article does argue for the whole sequence to be automatic, which I find odd:
Quote
In general, this malware poses an enormous risk to Telegram users who depend on the application’s built-in auto-download feature. Once a file is received, the malware is automatically downloaded to the device without the user’s knowledge.
Following that, victims are not required to run or shut down any apps; the virus will simply be able to access the computer’s footprint and capture screenshots.
Following that, victims are not required to run or shut down any apps; the virus will simply be able to access the computer’s footprint and capture screenshots.
(*) See: https://www.safeguardcyber.com/hubfs/Threat%20Intel%20Reports/Threat%20Report_Echelon%20Malware%20-%20SafeGuard%20Cyber.pdf
