MacTech

ClickFix attack uses Script Editor instead of Terminal on macOS

Jamf Threat Labs has discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload — bypassing Terminal ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...
AppleInsider

New infostealer malware hides on Mac disguised as official Apple tools

Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files. The malware abuses ...

Shub 新变种 Reaper 盯上 macOS,并借 AppleScript 安装后门

IT之家 5 月 19 日消息,网络安全公司 SentinelOne 最新披露 Reaper 信息窃取器,针对 macOS 用户改用 AppleScript 发起攻击,并借假冒 WeChat、Miro 安装包诱导下载。 SentinelOne 披露称 ...
CSO Online

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake ...
Dark Reading

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to ...

SHub macOS infostealer variant spoofs Apple security updates

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor ...
Tidbits

#1797: OS 26.4 updates, Mac Pro discontinued, Script Editor issues in macOS 26.4, input ...

This week brings endings and beginnings: Adam Engst reports that Apple has discontinued the Mac Pro, while OS 26.4 arrives with Apple Music’s AI-powered Playlist Playground, independent Family Sharing ...