CSO Online

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...

SHub macOS infostealer variant spoofs Apple security updates

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor ...
AppleInsider

New infostealer malware hides on Mac disguised as official Apple tools

Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files. The malware abuses ...
Dark Reading

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to ...
MacTech

ClickFix attack uses Script Editor instead of Terminal on macOS

Jamf Threat Labs has discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload — bypassing Terminal ...
heise online

"ClickFix" attacks on macOS now also via Script Editor

An ongoing malware campaign is using Apple's Script Editor instead of the Terminal to inject the Atomic Stealer data thief onto Macs. Security researchers from MDM specialist Jamf have discovered a ...
Tidbits

#1797: OS 26.4 updates, Mac Pro discontinued, Script Editor issues in macOS 26.4, input source-related login failures, US router ban

This week brings endings and beginnings: Adam Engst reports that Apple has discontinued the Mac Pro, while OS 26.4 arrives with Apple Music’s AI-powered Playlist Playground, independent Family Sharing ...