MacOS malware steals Telegram accounts, Google Chrome data

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,322
Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts.

Dubbed XCSSET, the malware keeps evolving and has been targeting macOS developers for more than a year by infecting local Xcode projects.

Collecting the Telegram folder allows the hackers to log into the messaging app as the legitimate owner of the account.

Researchers at Trend Micro explain that copying the stolen folder on another machine with Telegram installed gives the attackers access to the victim’s account.

XCSSET can steal sensitive data this way because normal users can access the Application sandbox directory with read and write permissions.

“Not all executable files are sandboxed on macOS, which means a simple script can steal all the data stored in the sandbox directory” - Trend Micro
 
Top