MacOS Malware Steals Telegram Accounts And Chrome Data

July 26, 2021

A technique used by a specific MacOs malware, identified simply as “XCSSET,” steals users’ login information across multiple apps, providing operators with the necessary account theft details.

According to Trend Micro researchers, the malware, which infects local Xcode projects, collects sensitive information from certain applications from infected computer files that it sends to the command and control (C2) server.

Targeting Telegram among other malware applications, the malware created the “telegram.applescript” for the “keepcoder.Telegram” allowing attackers to log into the messaging app as the legitimate owner of the account.

For Google Chrome, the threat actors use a fake dialog to trick users into gaining administrator privileges for all of the attacker’s operations needed to get the Safe Storage Key which is stored in the user’s keychain as “chrome safe storage.” The threat actors gain the information needed to decrypt passwords stored in Chrome.

For more information, read the original story in BleepingComputer.

MacOS Malware Steals Telegram Accounts And Chrome Data

Top Stories

AI boom faces new constraint as helium disruption slows chip production

New Google update targets sensitive data exposure in search results

GitHub Copilot to train on user data by default

Microsoft pulls Copilot Chat from core Office apps for enterprise customers

OpenAI pauses ChatGPT erotic mode “indefinitely”

Researcher Says “APT” Label No Longer Reflects the Threat Landscape

Related Articles

New Google update targets sensitive data exposure in search results

GitHub Copilot to train on user data by default

Researcher Says “APT” Label No Longer Reflects the Threat Landscape

FCC bans import of new foreign-made routers over security concerns

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered