macOS Malware Bypasses Telegram 2FA, Targets Crypto Wallets
Security researchers have identified a new malware targeting macOS devices that compromises crypto users by bypassing Telegram's two-factor authentication. The malware hijacks Telegram Desktop sessions, steals passwords, and accesses wallet databases, affecting software wallets like Exodus, Atomic, Electrum, Wasabi, and Monero. It extracts sensitive data from macOS Keychain, Safari Cookies, Apple Notes, and more, enabling account takeovers and digital asset theft.
The attack exploits authenticated Telegram session data, allowing attackers to restore sessions on other devices without needing phone numbers or verification codes. This vulnerability undermines Telegram's 2FA, posing significant risks to crypto users who rely on Telegram for exchange services and community interactions. Attackers can impersonate users, access private chats, and distribute malicious links, heightening the threat to digital assets.