BTC $63,976.07 +1.15%
ETH $1,843.85 +0.20%
BNB $570.02 +1.09%
XRP $1.08 +0.26%
SOL $74.91 +0.11%
TRX $0.3229 +0.17%
DOGE $0.0721 +0.23%
ADA $0.1658 +3.12%
BCH $219.00 +0.23%
LINK $8.26 +0.85%
HYPE $58.70 -2.66%
AAVE $87.73 -3.31%
SUI $0.7348 -0.32%
XLM $0.1836 -0.30%
ZEC $540.15 +1.07%
BTC $63,976.07 +1.15%
ETH $1,843.85 +0.20%
BNB $570.02 +1.09%
XRP $1.08 +0.26%
SOL $74.91 +0.11%
TRX $0.3229 +0.17%
DOGE $0.0721 +0.23%
ADA $0.1658 +3.12%
BCH $219.00 +0.23%
LINK $8.26 +0.85%
HYPE $58.70 -2.66%
AAVE $87.73 -3.31%
SUI $0.7348 -0.32%
XLM $0.1836 -0.30%
ZEC $540.15 +1.07%

macos

All
Article
Flash

macOS malware can bypass Telegram's two-factor authentication to steal cryptocurrency wallets and account permissions

According to FinanceFeeds, security researchers have discovered an information-stealing malware targeting macOS devices that is attacking cryptocurrency users. This malware can hijack Telegram Desktop sessions, steal passwords and wallet databases, further controlling user accounts and stealing digital assets. Currently affected wallets and applications include software wallets like Exodus, Atomic, Electrum, Wasabi, and Monero.The malware is capable of extracting sensitive information from macOS Keychain, Safari Cookies, Apple Notes, Telegram Desktop, and multiple cryptocurrency wallet-related databases, including login credentials, authenticated session files, wallet data, and browser extension information. Security analysis points out that the danger of this attack chain lies in its reliance not on a single wallet vulnerability, but on collecting various types of data from the device, linking device intrusion, account takeover, wallet cracking, and mnemonic phrase theft together. Among these, Telegram Desktop sessions have become a key target.Attackers can copy authenticated Telegram local session data and restore the login on another Mac device without needing to enter a phone number, verification code, or Telegram two-factor authentication password. This means that Telegram 2FA cannot provide complete protection in this attack scenario, as the attacker is not performing a new login but is exploiting an already trusted local session. For cryptocurrency users, the risks are further amplified. Since Telegram is widely used for exchange customer service, project communities, OTC trading, and wallet communication, once attackers gain access to user session permissions, they could impersonate the victim, read private chats, locate asset information, and even spread malicious links to contacts.

macOS Trojan Upgrade: Disguised as Signed Applications for Distribution, Users Face More Subtle Risks

The Chief Information Security Officer of Slow Fog, 23pds, shared that the MacSync Stealer malware, active on the macOS platform, has shown significant evolution, with user assets already being stolen.The forwarded article mentions that it has upgraded from early low-threshold inducement methods like "dragging to terminal" and "ClickFix" to code signing and notarized Swift applications by Apple, significantly enhancing its concealment. Researchers found that the sample spreads in the form of a disk image named zk-call-messenger-installer-3.9.2-lts.dmg, disguising itself as instant messaging or utility applications to induce users to download. Unlike previous versions, the new version does not require any terminal operations from the user; instead, a built-in Swift helper pulls and executes encoded scripts from a remote server, completing the information theft process.The malware has completed code signing and has been notarized by Apple, with the developer team ID being GNJLS3UYZ4, and the relevant hash has not been revoked by Apple during analysis. This means it has a higher "trustworthiness" under the default macOS security mechanisms, making it easier to bypass user vigilance. The research also found that the DMG is unusually large, containing bait files such as LibreOffice-related PDFs to further reduce suspicion.Security researchers point out that such information-stealing Trojans often target browser data, account credentials, and cryptocurrency wallet information. As malware begins to systematically abuse Apple’s signing and notarization mechanisms, the risks of phishing and private key leakage for cryptocurrency users in the macOS environment are on the rise.

Security companies: There has been a significant increase in password theft attacks targeting encrypted wallets, especially against Apple macOS users

ChainCatcher news, according to Forbes, security company ESET has just released its latest threat report, which examines the threat landscape trends from June to November 2024. The number of password theft attacks targeting cryptocurrency wallets has increased, with the most significant rise occurring among macOS users.The report states: "According to ESET's telemetry data for the second half of 2024, the number of password-stealing software across multiple platforms (especially Windows, macOS, and Android) has increased," but compared to the first half of the year, the detection of password-stealing software targeting cryptocurrency wallets on macOS has more than doubled. Meanwhile, the number of password-stealing software on the Windows platform grew by 56%, while financial threats on the Android platform, including password-stealing malware, increased by 20%.ESET's analysis shows that the number of password-stealing software targeting the macOS platform (especially those related to cryptocurrency wallet credentials) surged by 127%. Security researchers noted: "Although these threats cannot be simply classified as password-stealing software just because they have broader functionalities, they do reveal a significant upward trend in password theft activities on the macOS platform." From a geographical perspective, ESET's analysis indicates that attacks on Bitcoin and other cryptocurrencies targeting macOS are mostly aimed at the United States, followed by Italy, China, Spain, and Japan.
app_icon
ChainCatcher Building the Web3 world with innovations.