According to Moonlock Lab, the Odyssey trojan for macOS has surged recently, affecting over 100 countries. The malware steals passwords, cookies, and autofill data from Chrome, Brave, and Edge browsers, targeting wallet files from Electrum, Exodus, Ledger Live, and 15+ other crypto applications, alongside approximately 300 crypto extension IDs.
The trojan also harvests SSH keys, cloud service credentials, Keychain databases, Telegram and Discord data. It installs persistent background services and replaces legitimate apps like Ledger, Trezor, and Exodus with trojanized versions designed to steal assets.