Chaincatcher
macOS Malware Hijacks Telegram Sessions to Steal Crypto Wallet Data
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Security researchers have identified a new macOS malware that targets cryptocurrency users by hijacking Telegram Desktop sessions. This malware extracts sensitive information from local files, including passwords, browser cookies, and authenticated session data, allowing attackers to access Telegram accounts without needing verification. The malware specifically targets popular cryptocurrency wallets such as Exodus, Atomic, Electrum, Wasabi, and Monero. By copying existing authenticated session files, attackers can bypass two-factor authentication and impersonate victims, posing significant risks to their digital assets. Users are advised to terminate active Telegram sessions and secure their accounts immediately. The malware's reliance on local data rather than exploiting vulnerabilities makes it particularly dangerous.
Key Points: • New macOS malware targets Telegram Desktop sessions and cryptocurrency wallets. • Attackers can bypass two-factor authentication by copying authenticated session files. • Users are urged to secure their accounts and terminate active sessions immediately.