SlowMist Reveals Vicious MacOS Malware Targeting Crypto Wallets and Telegram Accounts

Key highlights:

  • Slowmist uncovered a sophisticated malware targeting crypto wallets by stealing passwords.
  • Researchers found that the malware can also hijack Telegram Desktop accounts.
  • SlowMist urged users to rotate compromised credentials and terminate Telegram sessions.

Blockchain security firm SlowMist has identified a macOS information-stealing malware that can hijack Telegram accounts without a phone number or a verification code. The malware also targets cryptocurrency wallets and browser credentials, creating multiple paths for attackers to steal digital assets.

Malware steals digital assets via multiple attack paths

According to

SlowMist clarified that the phishing technique operates independently of the malware’s offline wallet decryption capabilities, giving attackers two separate methods of stealing cryptocurrency.

Beyond cryptocurrency wallets, the malware specifically targets Telegram Desktop by copying the application’s local tdata session directory. SlowMist restored the stolen session files onto another Mac and found that Telegram immediately synchronized the account without requesting a phone number or two-step verification password.

Users urged to rotate credentials and migrate wallets

SlowMist’s researchers recommend that users who suspect their Mac has been compromised should terminate all active Telegram sessions from a trusted device. The researchers pushed for users to change their two-step verification password and Telegram Desktop passcode.

Meanwhile, users who believe wallet databases or recovery phrases have been exposed should create new wallets and transfer all assets instead of relying solely on password changes. As malware targeting crypto wallets surges, pundits have made a strong case for cold storage over hot wallets.

However, on-chain sleuth ZachXBT branded hardware wallets as “garbage,” urging users to use a dedicated iPhone to store their cryptocurrencies. Critics poked holes in the argument, while other pundits prescribed advanced alternatives for token holders to store their tokens using an iPhone.

Meanwhile, Q2 2026 holds the record as the quarter with the most cryptocurrency hacks. Despite the volume of attacks by bad actors, victims recorded small losses compared to other quarters. 

Source:: SlowMist Reveals Vicious MacOS Malware Targeting Crypto Wallets and Telegram Accounts