According to Odaily, SlowMist founder Yu Jian has reported that Eastern European hackers recently released malware targeting macOS systems. Once executed, the malware automatically steals browser cookies, autofill data, saved passwords, and the locally stored, encrypted mnemonic/private-key files of browser wallet extensions. It can also read the macOS Keychain, which often holds a user's various passwords and other sensitive data.
Yu Jian explained that, based on past emergency cases, whether on macOS or Windows, the attacker's steps are generally as follows. First, they decrypt the locally stored, encrypted mnemonic/private-key files from the wallet extensions. Some passwords are readily available locally, while others are recovered through brute-force attacks. Consequently, some users' wallet assets are stolen days after the initial infection. If the target wallet holds minimal assets, the malware remains dormant until there are sufficient funds to steal.
Second, the malware takes over browser-stored account credentials, including those for platforms such as X and various trading platforms. Third, it targets communication apps such as Telegram and Discord. Therefore, if infected, it is crucial to secure these accounts first, before running antivirus scans or reinstalling the operating system.
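Why the "decrypt locally, brute-force if needed" step works is worth seeing concretely. The block below is an added illustration, not code from the report or from SlowMist: it builds a constructed toy wallet vault (password-derived key via PBKDF2-SHA256, a toy SHA-256 counter-mode keystream and an HMAC tag; deliberately not any real extension's format) and then runs the same offline dictionary attack an attacker can run against an exfiltrated vault file. The iteration count, the sample secret and the wordlist are assumptions chosen for the demo.

```python
"""Offline dictionary attack against an exfiltrated, password-encrypted wallet vault.

Constructed example. The vault format here is a toy (PBKDF2-SHA256 key derivation,
SHA-256 counter-mode keystream, HMAC-SHA256 tag); it is NOT the format of any real
wallet extension. The point is the attacker's workflow: once the encrypted file is
stolen, every guess can be checked locally with no lockout and no rate limit.
"""
import hashlib
import hmac
import os
import time
from typing import List, Optional, Tuple

ITERATIONS = 10_000  # assumption: a low, historical-style PBKDF2 work factor

# Constructed sample data for the demo (not a real key or wordlist).
SAMPLE_SECRET = b"constructed twelve-word mnemonic placeholder, not a real key"
WORDLIST = ["password", "123456", "qwerty", "letmein", "hunter2", "wallet123", "crypto2024"]


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Password -> 32-byte key. Cost per guess is dominated by `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def keystream(key: bytes, n: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (illustrative only, not a real cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt_vault(secret: bytes, password: str, iterations: int = ITERATIONS) -> dict:
    """Build the on-disk vault an extension would store: salt, work factor, ciphertext, tag."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    enc_key, mac_key = key[:16], key[16:]
    ct = bytes(a ^ b for a, b in zip(secret, keystream(enc_key, len(secret))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "ct": ct, "tag": tag}


def try_password(vault: dict, password: str) -> Optional[bytes]:
    """Return the plaintext secret if `password` opens the vault, else None.

    The tag check is what makes guessing fully offline: the attacker knows
    instantly whether a candidate was right, with nothing ever sent to a server.
    """
    key = derive_key(password, vault["salt"], vault["iterations"])
    enc_key, mac_key = key[:16], key[16:]
    expected = hmac.new(mac_key, vault["salt"] + vault["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(vault["ct"], keystream(enc_key, len(vault["ct"]))))


def dictionary_attack(vault: dict, wordlist: List[str]) -> Tuple[Optional[str], Optional[bytes], int]:
    """Try each candidate in order; return (password, secret, guesses_used)."""
    for guesses, candidate in enumerate(wordlist, 1):
        secret = try_password(vault, candidate)
        if secret is not None:
            return candidate, secret, guesses
    return None, None, len(wordlist)


def seconds_for_wordlist(vault: dict, wordlist_size: int, samples: int = 20) -> float:
    """Estimate single-core time to exhaust a wordlist against this vault's work factor."""
    t0 = time.perf_counter()
    for i in range(samples):
        derive_key(f"probe{i}", vault["salt"], vault["iterations"])
    per_guess = (time.perf_counter() - t0) / samples
    return per_guess * wordlist_size


if __name__ == "__main__":
    vault = encrypt_vault(SAMPLE_SECRET, "wallet123")  # weak password, stolen vault
    pw, secret, used = dictionary_attack(vault, WORDLIST)
    print(f"recovered password={pw!r} after {used} guesses; secret={secret!r}")
    # Same vault contents, 60x the work factor: each guess costs 60x more.
    slow = encrypt_vault(SAMPLE_SECRET, "wallet123", iterations=600_000)
    for v, label in ((vault, "10k"), (slow, "600k")):
        print(f"{label} iterations: ~{seconds_for_wordlist(v, 10_000_000):.0f}s per 10M guesses, one core")
```

The takeaway matches the report: a vault protected by a password from a common wordlist falls in seconds regardless of the work factor, which is why a long, unique wallet password (or a hardware wallet that never stores the key in the browser) matters more than antivirus. A higher iteration count only buys time, and that time is what the attacker spends while the wallet appears untouched.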