MacOS Malware Steals Telegram Accounts And Chrome Data

July 26, 2021

A technique used by a specific MacOs malware, identified simply as “XCSSET,” steals users’ login information across multiple apps, providing operators with the necessary account theft details.

According to Trend Micro researchers, the malware, which infects local Xcode projects, collects sensitive information from certain applications from infected computer files that it sends to the command and control (C2) server.

Targeting Telegram among other malware applications, the malware created the “telegram.applescript” for the “keepcoder.Telegram” allowing attackers to log into the messaging app as the legitimate owner of the account.

For Google Chrome, the threat actors use a fake dialog to trick users into gaining administrator privileges for all of the attacker’s operations needed to get the Safe Storage Key which is stored in the user’s keychain as “chrome safe storage.” The threat actors gain the information needed to decrypt passwords stored in Chrome.

For more information, read the original story in BleepingComputer.

MacOS Malware Steals Telegram Accounts And Chrome Data

Top Stories

Snap unveils first consumer AR glasses priced at more than $2,000

Key U.S. data center law faces expiration with no replacement in sight

Starlink introduces $10 monthly hardware rental fee

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

Meta faces backlash after facial recognition code found in smart glasses app

Apple reportedly taps Google Gemini and Nvidia Blackwell Chips for new Siri

Related Articles

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

TND News Desk

TND News Desk

Jim Love