On September 10th, the founder of Slow Mist, Cosine, said that in the recent Trojan attack software released by Eastern European hackers for macOS, once the Trojan runs (you see that the running error is fake...), it automatically steals the cookies saved by your browser, auto-fill information, password information, and mnemonic/private key files encrypted locally in the extended wallet. There is also information in the macOS Keychain, which is likely to have various passwords for you. Plus some other sensitive information. In the past, it seems that whether it is a Trojan on macOS or Win, once it occurs, the attacker's steps are generally as follows: 1. Solve the mnemonic/private key file that expands the local encryption of the wallet. Some passwords are ready-made locally, and some are run violently, so some people's wallet assets are stolen after a few days. If the target wallet assets are too small, they are lurking, and one day they will be automatically stolen; 2. The account permissions saved by the browser, such as X, trading platform, etc. are hacked; 3. Telegram, Discord, etc. are hacked. So, once you get hit, give priority to these, and then disinfect or reinstall and restore.