Malware

MacOS malware hijacks Telegram sessions, targets crypto wallets

MacOS users are facing a new security threat from malware capable of hijacking Telegram Desktop sessions and stealing cryptocurrency wallet data. The malware, discovered by SlowMist researchers, exploits authenticated session files, bypassing standard security measures, according to Coin Central.

The macOS malware targets information stored locally on infected devices, including passwords, browser cookies, Apple Notes and Telegram Desktop session files. Instead of breaking login credentials, the malware copies existing authenticated session data. This allows attackers to restore access to a Telegram account on a different device without needing the user's phone number, verification codes, or even the two-step verification password, as the copied session bypasses these checks. The attack also targets popular cryptocurrency wallet applications such as Exodus, Atomic, Electrum, Wasabi, and Monero, as well as hardware wallet applications like Ledger Live and Trezor Suite. It also searches for full-node wallet databases for Bitcoin Core, Litecoin Core, Dash Core, and Dogecoin Core.

SlowMist advises users to immediately terminate all active Telegram sessions, change their two-step verification password and Telegram Desktop passcode, and move any funds from potentially compromised wallets to new, clean wallets on uncompromised devices.

Source: Coin Central

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds