1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Mac users beware this devious new infostealer malware disguises

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 19, 2026 11:15:26
    Mac users beware this devious new infostealer malware disguises itself as official Apple tools to lure in victims

    Date:
    Tue, 19 May 2026 10:00:53 +0000

    Description:
    SentinelOne found a new variant of the SHub macOS infostealer called Reaper.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter SentinelOne uncovers new SHub macOS infostealer variant dubbed Reaper, spread via typosquatted WeChat and Miro domains The malware disguises itself with fake Apple and Google update components, establishing persistence and backdoor access Reaper targets browser credentials, crypto wallets, password managers, and sensitive documents, with signs of Russianspeaking operators avoiding CIS systems Cybersecurity researchers from SentinelOne have discovered a new variant of the notorious SHub macOS infostealer malware called Reaper.

    In a new report SentinelOne said it observed typosquatted domains spoofing popular apps WeChat (a popular Chinese messaging and social media app) and Miro (an online visual collaboration and whiteboard platform). Victims using macOS and looking to install these apps will trigger an infection chain that constantly changes its disguise to make the malware look legitimate at every stage of attack. After launching the script, it will display a fake update message referencing Apple s XProtectRemediator security tool, and after infecting the system, it will establish persistence by creating files and folders designed to look like a genuine Google software update component. Latest Videos From You may like 'macOS is becoming a more attractive target, and the tools attackers use are becoming more capable and more professional': Experts warn 'convincing' fake CleanMyMac installs target Apple users to
    empty crypto wallets Another worrying macOS malware scheme has been
    discovered here's how to stay safe 'The prevailing wisdom used to be that macOS was at lower risk of malware infection compared to Windows...thats no longer the case': Experts warn Mac infostealers are on the rise - here's how to stay safe Avoiding the Russians It will store a backdoor in a fake GoogleUpdate directory and register a LaunchAgent named com.google.keystone.agent.plist, the researchers said.

    The goal of the campaign is to steal credentials and sensitive files, as well as cryptocurrency wallets. While SentinelOne does not attribute the attack to any specific group or threat actor, it did say there were several hints suggesting the operators may be Russian speaking (or are, at least, trying to avoid targets in former Soviet states).

    The malware checks whether the infected system uses Russian input sources and exits if it detects systems in the CIS (Commonwealth of Independent States) region. SentinelOne also said that when they tried to bypass the malwares anti-analysis protection, a fake website displayed a Russian Access Denied message.

    The Reaper variant primarily targets web browsers, cryptocurrency wallets,
    and applications that may contain financial or business-related data,
    stealing browser credentials, crypto wallet data, login keychains, Telegram session data, and documents from the Desktop and Documents folders. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    It also searches for browser extensions linked to password managers such as 1Password, Bitwarden, and LastPass, along with cryptocurrency wallets like MetaMask and Phantom. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/mac-users-beware-this-devious-new-infos tealer-malware-disguises-itself-as-official-apple-tools-to-lure-in-victims


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)