
It's interesting cuz they're saying it's a stolen SSO cookie. Chrome on macOS stores cookies encrypted under a key that's stored in the keychain. So does Safari. To get to the key one of three things must have happened:

1. The engineer was prompted to give the malware (PTX app?) access to the browser key, and agreed to this. Big mistake if so.

2. The malware has an exploit for macOS security.

3. The malware has a way to take over the browser cross-process.

Hardware security keys don't help in this case. What helps is either users not granting malware access to critical secrets, OR, operating system security being enhanced.


