A macOS malware campaign has been identified that can hijack Telegram sessions and substitute genuine cryptocurrency wallet applications with malicious versions, SlowMist reports.
The malicious operation was uncovered following a July 8 incident involving a counterfeit BuilDAO community app hosted on Google Sites. Users were initially redirected to a fabricated OAuth security page, enabling the attackers to gain access to sensitive information.
Once control was established, the malware copied crypto wallet databases and replaced trusted hardware wallet software with deceptive applications designed to compromise users' funds.
This sophisticated attack vector highlights increasing risks for macOS users who rely on Telegram for communication and third-party wallet applications for managing assets.
Security researchers continue monitoring this campaign, urging users to verify app authenticity and exercise caution when interacting with external communications or downloading software updates.
This material is for informational purposes and does not constitute financial advice.



