Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Mac Malware Exploits Telegram Sessions for Unauthorized Access

Mac Malware Exploits Telegram Sessions for Unauthorized Access

Posted on July 16, 2026 By CWS

A recently identified macOS malware is compromising Telegram accounts by exploiting already active sessions, bypassing the need to crack passwords or two-factor authentication (2FA). This threat copies local session files, allowing unauthorized access on another device without triggering the usual login requirements.

How the Malware Operates

The malicious software targets the Telegram Desktop application by accessing the tdata directory in the user’s Library folder. It extracts session-related files and uploads them alongside other stolen data, including macOS Keychain information, browser credentials, and cryptocurrency wallet databases. This approach is characteristic of macOS-focused threats that target sensitive data.

According to SlowMist, whose report was shared with Cyber Security News, the malware can move an active Telegram session to another Mac, even with Telegram’s Two-Step Verification enabled. This is possible if the victim has not set up a distinct Telegram Desktop passcode.

Broader Implications and Risks

The malware’s impact extends beyond Telegram. It searches for and collects data from 16 different cryptocurrency wallet applications and examines Chromium browser profiles for wallet-extension details. By combining this information with passwords obtained through fake prompts, attackers can decrypt and misuse the data away from the original device.

This threat also replaces legitimate wallet applications with lookalike versions that redirect users to attacker-controlled web pages, making phishing attempts appear as part of a trusted application experience. Users are advised to remain vigilant about unexpected changes in wallet applications to prevent falling victim to these attacks.

Protective Measures and Recommendations

To mitigate the risk of infection, users should terminate active Telegram sessions from trusted devices and reset their login credentials. It’s crucial to update Telegram two-step verification passwords and Desktop passcodes, as well as rotate passwords stored in Keychain, browsers, and notes. Exposed wallets should be transferred to new recovery phrases on secure devices.

Users noticing altered wallet applications are encouraged to remove them, inspect their systems for persistence mechanisms, and only reinstall software from verified sources. Any recovery phrase entered into a suspicious application is considered compromised, necessitating further security measures.

Conclusion

This macOS malware underscores the importance of robust cybersecurity practices. By exploiting existing session data, it circumvents traditional security measures, posing a significant threat to personal and financial data. Staying informed and implementing strong security protocols can help mitigate the risks associated with this evolving threat landscape.

Cyber Security News Tags:2FA, browser credentials, Cryptocurrency, Cybersecurity, data theft, Keychain, macOS, Malware, session hijacking, Telegram

Post navigation

Previous Post: UK Sentences Scattered Spider Hackers to Prison

Related Posts

AppSuite PDF Editor Hacked to Execute Arbitrary Commands on The Infected System AppSuite PDF Editor Hacked to Execute Arbitrary Commands on The Infected System Cyber Security News
Hackers Can Attack Active Directory Sites to Escalate Privileges and Compromise the Domain Hackers Can Attack Active Directory Sites to Escalate Privileges and Compromise the Domain Cyber Security News
Palo Alto Networks PAN-OS Vulnerability Enables Admin to Execute Root User Actions Palo Alto Networks PAN-OS Vulnerability Enables Admin to Execute Root User Actions Cyber Security News
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware Cyber Security News
New nightMARE Python Library to Analyze Malware and Extract Intelligence Indicators New nightMARE Python Library to Analyze Malware and Extract Intelligence Indicators Cyber Security News
Microsoft Details Security Risks of New Agentic AI Feature Microsoft Details Security Risks of New Agentic AI Feature Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison
  • TELEPUZ Malware Expands via ClickFix, Steals Data
  • Kratos PhaaS Targets Microsoft 365 Users Globally
  • Oak Secures $60 Million for AI Identity System

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison
  • TELEPUZ Malware Expands via ClickFix, Steals Data
  • Kratos PhaaS Targets Microsoft 365 Users Globally
  • Oak Secures $60 Million for AI Identity System

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark