New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
A new malware strain is targeting macOS users, disguised as a critical system update and popular workplace software. Cybersecurity firm SentinelOne’s research unit, SentinelLABS, recently discovered this threat and shared the details with Hackread.com.
The malware is a fresh variant of an infostealer called SHub, tracked under the name Reaper. Apple recently updated macOS Tahoe 26.4 to stop similar attacks, but researchers found that “Reaper tricks routes around that fix entirely,” making it a serious threat for Mac users.
How the Trick Works
The attack starts with fake download pages for WeChat or Miro (popular communication and workplace apps). To make these apps appear trusted, the attackers used a typo-squatted domain, mlcrosoft.co.com.
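A defensive check for the look-alike pattern seen in mlcrosoft.co.com, as an added example that is not from SentinelLABS or the original article. It flags hostnames in proxy or DNS logs whose labels imitate a protected brand; the official-domain list, the substitution table and the sample hosts are assumptions constructed for illustration.

```python
# Constructed lists: only "microsoft" and mlcrosoft.co.com come from the article.
OFFICIAL = {"microsoft": "microsoft.com", "wechat": "wechat.com", "miro": "miro.com"}

# ASCII look-alike substitutions (illustrative, not exhaustive).
PAIRS = (("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o"))


def skeleton(s):
    """Collapse visually confusable characters to one canonical form."""
    for src, dst in PAIRS:
        s = s.replace(src, dst)
    return s


def edit_distance(a, b):
    """Plain Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_host(host):
    """Return (brand, reason) if host imitates a protected brand, else None."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL.values()):
        return None  # genuine domain or one of its subdomains
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for token in tokens:
        for brand in OFFICIAL:
            if token == brand:
                return brand, "brand-on-unofficial-domain"
            if skeleton(token) == skeleton(brand):
                return brand, "lookalike-characters"
            # Short brands produce too many near matches, so require length >= 6.
            if len(brand) >= 6 and edit_distance(token, brand) <= 1:
                return brand, "one-edit-typo"
    return None


if __name__ == "__main__":
    # Constructed sample hosts, plus the domain named in the article.
    for h in ("mlcrosoft.co.com", "login.microsoft.com", "micosoft.net", "example.org"):
        print(h, "->", check_host(h))
```

Internationalized (punycode) labels are outside this sketch and would need a Unicode confusables table in place of the ASCII pairs.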
When someone visits these pages, hidden JavaScript code inspects their computer for specific software, IP addresses, location data, and security tools, and the attack moves forward only if the user is outside of Russia. Afterward, the...
Copyright of this story solely belongs to hackread.com.