XCSSET has been targeting developers for more than a year by infecting local Xcode projects. The malware creates the archive telegram.applescript for the keepcoder.Telegram folder under the Group Containers directory. Collecting the Telegram folder allows the hackers to log into the messaging app as the owner of the account. Researchers also analyzed the method used to steal the passwords saved in Google Chrome, a technique that requires user interaction and has been described since at least 2016.
Source: https://www.bleepingcomputer.com/news/security/macos-malware-steals-telegram-accounts-google-chrome-data/