MacOS Malware Steals Telegram Accounts And Chrome Data

July 26, 2021

A technique used by a specific MacOs malware, identified simply as “XCSSET,” steals users’ login information across multiple apps, providing operators with the necessary account theft details.

According to Trend Micro researchers, the malware, which infects local Xcode projects, collects sensitive information from certain applications from infected computer files that it sends to the command and control (C2) server.

Targeting Telegram among other malware applications, the malware created the “telegram.applescript” for the “keepcoder.Telegram” allowing attackers to log into the messaging app as the legitimate owner of the account.

For Google Chrome, the threat actors use a fake dialog to trick users into gaining administrator privileges for all of the attacker’s operations needed to get the Safe Storage Key which is stored in the user’s keychain as “chrome safe storage.” The threat actors gain the information needed to decrypt passwords stored in Chrome.

For more information, read the original story in BleepingComputer.

MacOS Malware Steals Telegram Accounts And Chrome Data

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered