Malware | Bleeping Computer
9.5 — CRITICAL
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
A new variant of the SHub macOS infostealer, dubbed Reaper, uses AppleScript to trick users into installing a backdoor and stealing sensitive data. The attack relies on exploiting the Terminal-based mitigations introduced by Apple in late March.
⚙️Technical Details
Affected Systems
macOS
Attack Vectors
AppleScript URL scheme; fake security update messages; legitimate domains hosting fake installers; Dropbox account hosting executable
💥Impact Assessment
Severity: Critical
Who Is at Risk
Users of macOS with vulnerable browsers and wallets, including cryptocurrency wallet users and password manager users.
🛡️Recommended Actions
1. Monitor for suspicious outbound traffic after Script Editor execution
2. Check for new LaunchAgents and related files in the namespace of trusted vendors
3. Regularly update macOS and browser software to patch vulnerabilities
📦Affected Products
Software: macOS, Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Opera, Vivaldi, Arc, Orion
Hardware: None
This is a curated summary. The complete article is available at Bleeping Computer.
