Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Mac Malware Exploits Telegram Sessions for Unauthorized Access

Mac Malware Exploits Telegram Sessions for Unauthorized Access

Posted on July 16, 2026 By CWS

A recently identified macOS malware is compromising Telegram accounts by exploiting already active sessions, bypassing the need to crack passwords or two-factor authentication (2FA). This threat copies local session files, allowing unauthorized access on another device without triggering the usual login requirements.

How the Malware Operates

The malicious software targets the Telegram Desktop application by accessing the tdata directory in the user’s Library folder. It extracts session-related files and uploads them alongside other stolen data, including macOS Keychain information, browser credentials, and cryptocurrency wallet databases. This approach is characteristic of macOS-focused threats that target sensitive data.

According to SlowMist, whose report was shared with Cyber Security News, the malware can move an active Telegram session to another Mac, even with Telegram’s Two-Step Verification enabled. This is possible if the victim has not set up a distinct Telegram Desktop passcode.

Broader Implications and Risks

The malware’s impact extends beyond Telegram. It searches for and collects data from 16 different cryptocurrency wallet applications and examines Chromium browser profiles for wallet-extension details. By combining this information with passwords obtained through fake prompts, attackers can decrypt and misuse the data away from the original device.

This threat also replaces legitimate wallet applications with lookalike versions that redirect users to attacker-controlled web pages, making phishing attempts appear as part of a trusted application experience. Users are advised to remain vigilant about unexpected changes in wallet applications to prevent falling victim to these attacks.

Protective Measures and Recommendations

To mitigate the risk of infection, users should terminate active Telegram sessions from trusted devices and reset their login credentials. It’s crucial to update Telegram two-step verification passwords and Desktop passcodes, as well as rotate passwords stored in Keychain, browsers, and notes. Exposed wallets should be transferred to new recovery phrases on secure devices.

Users noticing altered wallet applications are encouraged to remove them, inspect their systems for persistence mechanisms, and only reinstall software from verified sources. Any recovery phrase entered into a suspicious application is considered compromised, necessitating further security measures.

Conclusion

This macOS malware underscores the importance of robust cybersecurity practices. By exploiting existing session data, it circumvents traditional security measures, posing a significant threat to personal and financial data. Staying informed and implementing strong security protocols can help mitigate the risks associated with this evolving threat landscape.

Cyber Security News Tags:2FA, browser credentials, Cryptocurrency, Cybersecurity, data theft, Keychain, macOS, Malware, session hijacking, Telegram

Post navigation

Previous Post: UK Sentences Scattered Spider Hackers to Prison
Next Post: New macOS Malware Forces Password Handover

Related Posts

Malicious NuGet Package Targets Sicoob Banking Credentials Malicious NuGet Package Targets Sicoob Banking Credentials Cyber Security News
Google Chrome May Soon Turn Webpages Into Podcasts With AI Audio Overviews Google Chrome May Soon Turn Webpages Into Podcasts With AI Audio Overviews Cyber Security News
Critical PNG Vulnerabilities Threaten System Security Critical PNG Vulnerabilities Threaten System Security Cyber Security News
OnionDrop Campaign Delivers LegionLoader via gainmsg C2 OnionDrop Campaign Delivers LegionLoader via gainmsg C2 Cyber Security News
Network Security Checklist – 2026 Network Security Checklist – 2026 Cyber Security News
Critical FFmpeg Vulnerabilities Allow Remote Code Execution Critical FFmpeg Vulnerabilities Allow Remote Code Execution Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • WhatsApp Scam: How GhostPairing Endangers Accounts
  • AI Data Centers Face Security Challenges Amid Rapid Growth
  • New macOS Malware Forces Password Handover
  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • WhatsApp Scam: How GhostPairing Endangers Accounts
  • AI Data Centers Face Security Challenges Amid Rapid Growth
  • New macOS Malware Forces Password Handover
  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark