macOS Malware Hijacks Telegram Sessions to Steal Crypto Wallet Data

macOS Malware Hijacks Telegram Sessions to Steal Crypto Wallet Data

First seen 17 Jul 2026, 23:55 UTC CybersecuritynewsFeeds.FeedburnerChaincatcher 78% similarity 69.8

Article Content

Browse articles
ThreatCluster

Security researchers have identified a new macOS malware that targets cryptocurrency users by hijacking Telegram Desktop sessions. This malware extracts sensitive information from local files, including passwords, browser cookies, and authenticated session data, allowing attackers to access Telegram accounts without needing verification. The malware specifically targets popular cryptocurrency wallets such as Exodus, Atomic, Electrum, Wasabi, and Monero. By copying existing authenticated session files, attackers can bypass two-factor authentication and impersonate victims, posing significant risks to their digital assets. Users are advised to terminate active Telegram sessions and secure their accounts immediately. The malware's reliance on local data rather than exploiting vulnerabilities makes it particularly dangerous.

Key Points: • New macOS malware targets Telegram Desktop sessions and cryptocurrency wallets. • Attackers can bypass two-factor authentication by copying authenticated session files. • Users are urged to secure their accounts and terminate active sessions immediately.

ThreatCluster AI

Timeline

2026-07-16
Malware analysis published
Cybersecurity experts detailed how the malware exploits local session data to gain unauthorized access to Telegram accounts.
Cybersecuritynews
2026-07-17
Malware discovered targeting macOS users
Researchers found malware that hijacks Telegram sessions to steal cryptocurrency wallet data, affecting various wallets and applications.
Chaincatcher
2026-07-17
Security advisory issued
SlowMist researchers recommended users terminate active Telegram sessions and change passwords to mitigate risks from the malware.
Feeds.Feedburner

Community

Browse all →