Rumor

New infostealer malware hides on Mac disguised as official Apple tools

AppleInsider • Mon, 18 May 2026

Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files.

[Image: HTML source code showing the construction of the malicious AppleScript. Image credit: SentinelOne]

The malware abuses AppleScript and legitimate macOS system processes to hide its activity and avoid some traditional malware scanning tools. SentinelOne said Reaper is a more advanced version of the SHub Stealer malware family that has circulated through macOS-focused criminal campaigns for the last two years.

Earlier SHub variants relied on fake installers and "ClickFix" social engineering tricks that pushed victims into pasting malicious commands into Terminal. Reaper expands on those tactics by abusing trusted macOS tools and familiar branding to make the malware look legitimate. Attackers now move that process into Script Editor through the `applescript://` URL scheme.
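For defenders triaging a suspicious web page, the following added example (not from AppleInsider or SentinelOne) scans saved HTML for `applescript://` links and decodes the script each one would load into Script Editor. It assumes the `applescript://com.apple.scripteditor?action=new&script=...` link form; the `do shell script` flag is a triage heuristic, and the sample page is constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Match the scheme anywhere in markup or inline JavaScript, stopping at a
# quote, whitespace or angle bracket.
APPLESCRIPT_URL = re.compile(r"applescript://[^\s\"'<>`]+", re.IGNORECASE)

def find_applescript_links(page_source):
    """Return one finding per applescript:// URL found in HTML/JS source."""
    findings = []
    for match in APPLESCRIPT_URL.finditer(page_source):
        url = html.unescape(match.group(0))   # undo &amp; inside attributes
        parts = urlsplit(url)
        params = parse_qs(parts.query)        # percent-decodes the values
        script = params.get("script", [""])[0]
        findings.append({
            "offset": match.start(),          # where to look in the source
            "target": parts.netloc,           # application the link addresses
            "action": params.get("action", [""])[0],
            "script": script,                 # decoded AppleScript text
            # Heuristic (assumption): scripts that shell out deserve review.
            "runs_shell": "do shell script" in script.lower(),
        })
    return findings

# Constructed sample page with harmless scripts, for demonstration only.
SAMPLE_PAGE = '''
<a href="applescript://com.apple.scripteditor?action=new&amp;script=display%20dialog%20%22hi%22">Fix</a>
<script>var u = "applescript://com.apple.scripteditor?action=new&script=do%20shell%20script%20%22echo%20sample%22";</script>
<a href="https://example.com/help">Help</a>
'''

if __name__ == "__main__":
    for finding in find_applescript_links(SAMPLE_PAGE):
        print(finding)
```

A static scan like this only sees URLs that appear literally in the source; a page that assembles the link at runtime in JavaScript needs to be inspected in a sandboxed browser instead.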

Why it matters

This page keeps Apple rumors separate from official updates, so readers can follow early reports without confusing them with confirmed announcements.

Original source

https://appleinsider.com/articles/26/05/18/new-infostealer-malware-hides-on-mac-disguised-as-official-apple-tools?utm_source=rss