MacOS malware steals Telegram accounts, Google Chrome data


Aug 17, 2014
Security researchers have published details about the method a strain of macOS malware uses to steal login data from multiple apps, enabling its operators to take over the victims' accounts.

Dubbed XCSSET, the malware keeps evolving and has been targeting macOS developers for more than a year by infecting local Xcode projects.

Copying Telegram's application sandbox folder allows the attackers to log into the messaging app as the legitimate owner of the account.

Researchers at Trend Micro explain that placing the stolen folder on another machine with Telegram installed gives the attackers access to the victim's account, with no password or code required.

XCSSET can steal sensitive data this way because the application's sandbox directory is readable and writable by the normal user account: the sandbox restricts what the sandboxed app may touch, not who may read its files.

“Not all executable files are sandboxed on macOS, which means a simple script can steal all the data stored in the sandbox directory” - Trend Micro
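To make the point concrete, the following is an added audit script (not from the article, Trend Micro, or the malware) that lists app sandbox containers under a Library directory and reports which ones a plain, non-sandboxed user script could copy wholesale. The Telegram group container identifier 6N38VWS5BX.ru.keepcoder.Telegram is an assumption to verify on your own system; the directory passed in is the only input, so the functions can be exercised against a constructed temporary tree.

```shell
#!/bin/sh
# Added example, not code from the article, Trend Micro, or XCSSET.
# Reports, for each app sandbox container under a base directory, whether the
# current (non-sandboxed) user process can read it. On macOS the defaults are
# ~/Library/Group Containers and ~/Library/Containers; pass "--run" to audit them.

# One line per container: READABLE <file count> <path> or UNREADABLE ? <path>.
audit_containers() {
    base="$1"
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 1; }
    for c in "$base"/*; do
        [ -d "$c" ] || continue
        if [ -r "$c" ] && [ -x "$c" ]; then
            # Anything counted here could be archived by a user-level script.
            n=$(find "$c" -type f 2>/dev/null | wc -l | tr -d ' ')
            echo "READABLE $n $c"
        else
            echo "UNREADABLE ? $c"
        fi
    done
}

# Number of containers a user-level script could copy in full.
count_readable() {
    audit_containers "$1" | grep -c '^READABLE ' || true
}

# Whether the Telegram group container exists under the base directory.
# The identifier is an assumption; check it against your own installation.
telegram_container_present() {
    [ -d "$1/6N38VWS5BX.ru.keepcoder.Telegram" ]
}

if [ "${1:-}" = "--run" ]; then
    for b in "$HOME/Library/Group Containers" "$HOME/Library/Containers"; do
        audit_containers "$b"
    done
fi
```

Every container reported as READABLE is one that an unsandboxed script running as the user can zip and exfiltrate, which is exactly the gap the Trend Micro quote describes; the file count gives a rough sense of how much session state lives there.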