https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2).
And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer.
The threat actor distributing MacStealer was discovered by the Uptycs threat intelligence team during our dark web hunting. The stealer can extract documents, cookies from a victim’s browser, and login information. It affects Catalina and subsequent macOS versions running on Intel, M1, and M2 CPUs.
The stealer exhibits the following capabilities:
Collect the passwords, cookies, and credit card data from Firefox, Google Chrome, and Brave browsers
Extract files (“.txt”, “.doc”, “.docx”, “.pdf”, “.xls”, “.xlsx”, “.ppt”, “.pptx”, “.jpg”, “.png”, “.csv”, “.bmp”, “.mp3”, “.zip”, “.rar”, “.py”, “.db”)
Extract the KeyChain database (base64 encoded)
A miscreant uses Telegram as a command and control platform to exfiltrate victims’ sensitive data…
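The capabilities above all end the same way: stolen files, browser data and the keychain database leave the host through the Telegram Bot API. That gives a defender a narrow, host-independent thing to watch for in egress or proxy logs. The following is an added example, not code from the Uptycs post or from the malware: it parses key=value egress log lines (a constructed format; the sample lines, process names, bot ids and token strings are all made up for this example) and flags processes talking to api.telegram.org with a bot token, scoring uploads by an unexpected process highest. The allow-list of processes and the size threshold are assumptions to tune per environment.

```python
"""Added example, not code from the Uptycs post: flag outbound Telegram Bot API
traffic in egress/proxy logs. Telegram-as-C2 means the host talks to
api.telegram.org with a bot token: upload methods (sendDocument, sendMessage)
carry data out, getUpdates polls for operator commands. The key=value log
format and every sample line below are constructed for this example."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Bot API paths have the form /bot<numeric id>:<secret>/<method>
BOT_API_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Methods that move data off the host; a stealer ships its archive with sendDocument.
UPLOAD_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendVideo"}
# Assumption: processes expected to use the Bot API in this fleet (tune per environment).
ALLOWED_PROCS = {"ops-alerter"}
LARGE_UPLOAD_BYTES = 1_000_000  # assumption: above this, treat the request as a bulk upload

# Constructed sample lines (not real telemetry; tokens are placeholders).
SAMPLE_LOGS = [
    "ts=2024-01-01T10:00:00Z host=mac-01 proc=ops-alerter method=POST "
    "url=https://api.telegram.org/bot1000000001:CONSTRUCTED_TOKEN_A/sendMessage bytes_out=312",
    "ts=2024-01-01T10:05:00Z host=mac-02 proc=Safari method=GET "
    "url=https://www.example.com/index.html bytes_out=540",
    "ts=2024-01-01T10:06:30Z host=mac-02 proc=svc-helper method=POST "
    "url=https://api.telegram.org/bot2000000002:CONSTRUCTED_TOKEN_B/sendDocument bytes_out=4200000",
    "ts=2024-01-01T10:07:00Z host=mac-02 proc=svc-helper method=GET "
    "url=https://api.telegram.org/bot2000000002:CONSTRUCTED_TOKEN_B/getUpdates bytes_out=0",
]


@dataclass
class Finding:
    host: str
    proc: str
    bot_id: str  # numeric bot id only; the secret half of the token is never stored
    method: str
    bytes_out: int
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        unexpected = "unexpected-process" in self.reasons
        if unexpected and ("upload-method" in self.reasons or "large-upload" in self.reasons):
            return "high"
        if unexpected:
            return "medium"
        return "low"


def redact_token(url):
    """Mask the secret half of a bot token before the URL goes into an alert."""
    return re.sub(r"(/bot\d+:)[A-Za-z0-9_-]+", r"\1***", url)


def analyze_line(line):
    """Return a Finding for a Bot API request, or None for unrelated traffic."""
    rec = dict(KV_RE.findall(line))
    parts = urlsplit(rec.get("url", ""))
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_API_RE.match(parts.path)
    if not m:
        return None
    reasons = ["telegram-bot-api"]
    if m["method"] in UPLOAD_METHODS:
        reasons.append("upload-method")
    if rec.get("proc") not in ALLOWED_PROCS:
        reasons.append("unexpected-process")
    bytes_out = int(rec.get("bytes_out", "0"))
    if bytes_out >= LARGE_UPLOAD_BYTES:
        reasons.append("large-upload")
    return Finding(rec.get("host", "?"), rec.get("proc", "?"),
                   m["bot_id"], m["method"], bytes_out, reasons)


def analyze_logs(lines):
    return [f for f in map(analyze_line, lines) if f is not None]


def hosts_by_severity(findings, level):
    """Sorted hosts that produced at least one finding of the given severity."""
    return sorted({f.host for f in findings if f.severity == level})


if __name__ == "__main__":
    for f in analyze_logs(SAMPLE_LOGS):
        print(f.severity, f.host, f.proc, f.method, f.bytes_out, f.reasons)
```

Two points of the design matter in practice. The bot id and method are enough to pivot on (the same id reappearing across hosts ties infections together), so the secret half of the token is dropped at parse time and `redact_token` masks it in any URL that gets copied into a ticket. And `getUpdates` is scored even though it uploads nothing, because a non-Telegram process polling a bot for messages is the command half of the same C2 channel.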