BTC $64,127.08 +0.01%
ETH $1,843.39 -1.67%
BNB $567.98 -1.21%
XRP $1.08 -0.63%
SOL $75.13 -0.95%
TRX $0.3227 -0.06%
DOGE $0.0727 -0.38%
ADA $0.1658 +1.91%
BCH $220.58 -0.59%
LINK $8.25 -2.05%
HYPE $59.81 -4.22%
AAVE $90.54 -1.80%
SUI $0.7395 -1.03%
XLM $0.1868 -1.89%
ZEC $544.24 +1.01%
BTC $64,127.08 +0.01%
ETH $1,843.39 -1.67%
BNB $567.98 -1.21%
XRP $1.08 -0.63%
SOL $75.13 -0.95%
TRX $0.3227 -0.06%
DOGE $0.0727 -0.38%
ADA $0.1658 +1.91%
BCH $220.58 -0.59%
LINK $8.25 -2.05%
HYPE $59.81 -4.22%
AAVE $90.54 -1.80%
SUI $0.7395 -1.03%
XLM $0.1868 -1.89%
ZEC $544.24 +1.01%

cat

All
Article
Flash

macOS malware can bypass Telegram's two-factor authentication to steal cryptocurrency wallets and account permissions

According to FinanceFeeds, security researchers have discovered an information-stealing malware targeting macOS devices that is attacking cryptocurrency users. This malware can hijack Telegram Desktop sessions, steal passwords and wallet databases, further controlling user accounts and stealing digital assets. Currently affected wallets and applications include software wallets like Exodus, Atomic, Electrum, Wasabi, and Monero.The malware is capable of extracting sensitive information from macOS Keychain, Safari Cookies, Apple Notes, Telegram Desktop, and multiple cryptocurrency wallet-related databases, including login credentials, authenticated session files, wallet data, and browser extension information. Security analysis points out that the danger of this attack chain lies in its reliance not on a single wallet vulnerability, but on collecting various types of data from the device, linking device intrusion, account takeover, wallet cracking, and mnemonic phrase theft together. Among these, Telegram Desktop sessions have become a key target.Attackers can copy authenticated Telegram local session data and restore the login on another Mac device without needing to enter a phone number, verification code, or Telegram two-factor authentication password. This means that Telegram 2FA cannot provide complete protection in this attack scenario, as the attacker is not performing a new login but is exploiting an already trusted local session. For cryptocurrency users, the risks are further amplified. Since Telegram is widely used for exchange customer service, project communities, OTC trading, and wallet communication, once attackers gain access to user session permissions, they could impersonate the victim, read private chats, locate asset information, and even spread malicious links to contacts.
app_icon
ChainCatcher Building the Web3 world with innovations.