SlowMist Finds Dangerous Mac Malware That Targets Crypto Users

Share:
SlowMist disclosed a new macOS malware that silently harvests Telegram sessions, Apple Keychain entries, saved passwords and encrypted wallet databases, and can display fake Ledger/Trezor windows to capture recovery phrases, enabling attackers to take full control of crypto assets. The report warns this is especially risky for traders who use Telegram for OTC deals and private groups and recommends downloading only trusted apps, keeping recovery phrases offline, verifying hardware wallet prompts, logging out unknown Telegram sessions and keeping macOS and security software updated to mitigate security and custodial/noncustodial wallet risks.
Apple Mac users are no longer safe from crypto hackers. Blockchain security firm SlowMist has discovered a new malware that can steal Telegram accounts, crypto wallet data, passwords, and even recovery phrases.
The malware quietly targets macOS users and can give hackers full access to their digital assets.
Here’s the detailed report on how it was done by the hacker. So, read it to avoid getting hacked.
How the New Mac Malware Targets Crypto Users
According to SlowMist, the newly discovered malware is designed specifically for macOS devices. Once installed, it quietly collects sensitive information stored on the computer without alerting the victim.
The malware can steal data, including
- Telegram login sessions
- Saved passwords
- Apple Keychain data
- Browser credentials
- Notes stored on the Mac
- Encrypted crypto wallet databases
This means anyone who stores passwords, crypto wallets, or sensitive information on a Mac could become a target.
How Hackers Steal Crypto Using This Malware
SlowMist explained that the attack happens in several steps.
- Step one: A victim downloads or installs a malicious file disguised as a normal application.
- Step two: The malware secretly searches the Mac for Telegram sessions, browser passwords, Apple Keychain data, Notes, and encrypted wallet files.
- Step three: The stolen data is sent to the attacker, who can use the Telegram session without needing a login code.
- Step four: The malware displays fake Ledger or Trezor wallet windows that look almost identical to the real apps.
- Step five: When users enter their recovery phrase, it is immediately sent to the attacker, giving hackers complete control of the wallet.
How Telegram Users Face a Bigger Risk
The biggest concern is coming from the Telegram session theft. Because the malware steals active Telegram sessions instead of passwords, hackers can instantly access private chats without asking for verification codes.
Many crypto traders use Telegram for exchange accounts, OTC deals, and private investment groups, making these accounts highly valuable targets.
How Mac Users Can Stay Safe?
SlowMist recommends several steps to reduce the risk:
- Download apps only from trusted sources.
- Never enter your recovery phrase into pop-up wallet windows.
- Keep recovery phrases offline.
- Use hardware wallets carefully and verify every wallet prompt.
- Update macOS and security software regularly.
- Log out of Telegram sessions you do not recognize.
The security firm says even experienced crypto users can become victims if they trust fake wallet windows or install unknown software, making extra caution essential.
Read More



