Source link : https://tech365.info/new-infostealer-malware-hides-on-mac-disguised-as-official-apple-instruments/
HTML source code showing the construction of the malicious AppleScript. Image credit: SentinelOne
Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files.
The malware abuses AppleScript and legitimate macOS system processes to hide its activity and avoid some traditional malware scanning tools.
SentinelOne said Reaper is a more advanced version of the SHub Stealer malware family that has circulated through macOS-focused criminal campaigns for the last two years. Earlier SHub variants relied on fake installers and “ClickFix” social engineering tricks that pushed victims into pasting malicious commands into Terminal.
Reaper expands on these tactics by abusing trusted macOS tools and familiar branding to make the malware look legitimate. Attackers now move that process into Script Editor through the `applescript://` URL scheme.
The shift helps bypass some of the protections Apple added in macOS Tahoe 26.4 for Terminal-based attack chains. Different stages of the infection chain use different disguises to make the malware look legitimate.
Victims may download fake WeChat or Miro installers from domains designed to resemble Microsoft infrastructure. Later stages present fake Apple security updates and hide persistence files inside directories that mimic…
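For defenders, the `applescript://` delivery step described above can be checked for in captured web pages. The following is an added example, not code from SentinelOne or the original article: it scans HTML for `applescript://` links, decodes the embedded script, and flags shell-invoking constructs. The `com.apple.scripteditor?action=new&script=` URL shape is Script Editor's documented URL form rather than a detail from this page, and the `RISKY` keyword list and the sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Finds the scheme in attribute values and in inline JavaScript strings.
SCHEME_RE = re.compile(r"applescript://[^\s\"'<>]+", re.I)
# Illustrative (assumed) AppleScript constructs that hand control to a shell.
RISKY = ("do shell script", "curl", "osascript", "run script")

# Constructed sample page; the embedded scripts are harmless placeholders.
SAMPLE_HTML = '''<html><body>
<a href="applescript://com.apple.scripteditor?action=new&amp;script=do%20shell%20script%20%22echo%20constructed-sample%22">Install update</a>
<script>var u = "applescript://com.apple.scripteditor?action=new&script=display%20dialog%20%22hi%22";</script>
<a href="https://example.com/">ok</a>
</body></html>'''

class _Collector(HTMLParser):
    """Gather attribute values and text nodes, including <script> bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        self.chunks.extend(v for _, v in attrs if v)
    def handle_data(self, data):
        self.chunks.append(data)

def find_applescript_links(html):
    """Return one finding per applescript:// URL, in document order."""
    parser = _Collector()
    parser.feed(html)
    parser.close()
    findings = []
    for chunk in parser.chunks:
        for match in SCHEME_RE.finditer(chunk):
            parts = urlsplit(match.group(0))
            query = parse_qs(parts.query)  # percent-decodes the values
            script = query.get("script", [""])[0]
            findings.append({
                "host": parts.netloc,
                "action": query.get("action", [""])[0],
                "script": script,
                "risky": sorted(k for k in RISKY if k in script.lower()),
            })
    return findings

if __name__ == "__main__":
    for finding in find_applescript_links(SAMPLE_HTML):
        print(finding)
```

The same function can be pointed at HTML saved from a proxy or sandbox capture; any hit on a page that is not an internal automation resource is worth reviewing.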
—-
Author : tech365
Publish date : 2026-05-19 11:17:00
Copyright for syndicated content belongs to the linked Source.
—-