Yu Xian, the founder of SlowMist, said in a post that in the Trojan attack software recently released by Eastern European hackers for macOS, once the Trojan runs (the running error you see is fake...), it will automatically steal the cookies, auto-fill information, password information, and the locally encrypted mnemonic/private key files of the extension wallets saved by your browsers. There is also the information in the macOS Keychain, which is likely to contain your various passwords. In addition, there is some other sensitive information. From our past emergency cases, whether it is this type of Trojan on macOS or Win, once it occurs, the attacker's steps are generally as follows:
1. Unlock the locally encrypted mnemonic/private key files of the extension wallet. Some passwords are available locally, and some are brute-forced, so some people's wallet assets are stolen after a few days. If the target wallet's assets are too small, it will lurk, and they will be automatically stolen one day;
2. The account permissions saved by the browser, such as X, trading platforms, etc., are hacked;
3. Telegram, Discord, etc. are hacked.

Therefore, once you are attacked, give priority to handling these, and then disinfect or reinstall and restore.