Last updated: July 5, 2026 at 9:01 AM UTC
Tag: macos (13 articles)

PamStealer Mac malware poses as a clipboard app and verifies passwords through PAM

Jamf Threat Labs found a new macOS infostealer, PamStealer, that impersonates Maccy, a popular open-source clipboard manager, through a fake website. Victims download what looks like a Maccy installer but is a malicious AppleScript that quietly fetches a Rust-based stealer. Its standout trick is how it grabs the login password: it shows a native-looking prompt saying "Maccy wants to make changes" and validates whatever the user types against macOS's own Pluggable Authentication Modules, so it only keeps a confirmed-correct password and avoids the noisy process calls other stealers make. The second stage hides as Finder, encrypts its traffic, and delays its Full Disk Access request to avoid suspicion.

Check
Make sure anyone using the Maccy clipboard manager downloaded it only from maccy.app or its official GitHub, and treat unexpected admin-password prompts and Full Disk Access requests during app installs with suspicion.
Affected
Mac users who install software from fake or unofficial sites; PamStealer poses as the Maccy clipboard app, confirms the login password through macOS PAM, then steals credentials, browser data, and wallet access.
Fix
Install Mac apps only from official sites or the App Store, verify download URLs carefully, deny unexpected password and Full Disk Access prompts, and keep macOS and endpoint tools updated.

DPRK macOS malware Gaslight plants fake errors to derail AI-assisted analysis

SentinelOne detailed Gaslight, a Rust-based macOS backdoor and information stealer tied with high confidence to North Korea, whose standout trick targets the analyst rather than the sandbox. The sample embeds a block of 38 fabricated "system" messages, formatted to mimic the prompt scaffolding of an AI triage assistant, that try to make an LLM-assisted analysis tool doubt its session and abort, truncate, or refuse the analysis. Beyond that, Gaslight steals browser data, Keychain secrets, and command history, using a Telegram bot for command and control and self-redacting its bot token from its own output. It is an early example of malware built to weaponize the AI tools now common in reverse engineering.

Check
If you use AI or LLM tools in malware triage, review whether sample contents (strings, decompiler output, log text) reach the model as trusted input rather than as clearly delimited data, and check macOS hosts for the Telegram Bot API traffic and the com.apple-style LaunchAgent persistence described.
Affected
macOS users targeted by this North Korea-linked stealer, and analysts whose AI-assisted triage pipelines can be manipulated when malicious sample text is fed to the model as if it were instructions.
Fix
Treat the contents of analyzed samples as adversarial input, never as instructions, and isolate hostile text from AI models. On endpoints, hunt for the published indicators and suspicious com.apple-style LaunchAgents.

macOS trust-caching gap lets standard users silently disable EDR and MDM

Researchers at XM Cyber detailed a macOS technique that lets an attacker with only standard user privileges disable enterprise security tools and call privileged functions, with no admin credentials, kernel exploit, or alerts. It abuses how macOS caches an application's code signature: once cached, the system keeps trusting the app even after an attacker modifies its components, letting a normal user impersonate trusted code and reach privileged XPC services by injecting into interface files. The team showed it disabling CrowdStrike Falcon and Kandji's MDM agent. CrowdStrike and Kandji have fixed their products, with Kandji assigning CVE-2026-39118, but XM Cyber frames the root cause as a flaw in macOS itself.

Check
Confirm that macOS endpoint security and management agents, such as EDR and MDM, are updated to versions that address this technique, and identify any third-party macOS apps exposing privileged XPC services.
Affected
Organizations relying on macOS endpoint protection and MDM; any app exposing privileged XPC services with injectable interface files can be abused by a standard user to escalate and disable defenses.
Fix
Update CrowdStrike, Kandji, and other macOS security agents to patched versions, monitor for tampering with security tools, and apply Apple updates as they address the underlying trust-caching weakness.

macOS ClickFix attack uses Terminal trick to silently install Atomic Stealer

Palo Alto's Unit 42 found a new macOS campaign that uses the ClickFix trick, a fake CAPTCHA or verification page, to get users to paste a command into Terminal. The command quietly downloads a disk image, mounts it without showing it in Finder, finds the app inside, and launches it, installing the Atomic macOS Stealer (AMOS). The malware then shows a fake system password prompt and steals browser credentials and cookies from many Chromium and Firefox-based browsers, cryptocurrency wallet data, Keychain contents, messaging app data, and documents. The single-command approach is stealthier than older campaigns that relied on the victim manually opening a downloaded image.

Check
Warn Mac users never to paste website-supplied commands into Terminal to pass a CAPTCHA, and watch endpoints for unexpected hdiutil mounts and curl downloads to the /tmp folder.
Affected
macOS users tricked by fake CAPTCHA or verification pages into running a Terminal command; crypto-wallet holders and anyone with browser-stored credentials and Keychain secrets are the main targets.
Fix
Train users to recognize ClickFix lures, restrict or monitor Terminal use on managed Macs, deploy endpoint protection that detects AMOS behavior, and keep crypto wallet keys and other high-value secrets in hardware-backed storage (hardware wallets, Secure Enclave-backed keychains) rather than in files a stealer can read.

FlutterShell macOS backdoor spreads via Google and YouTube ads from verified shell companies - CL-CRI-1089 / TamperedChef adware-to-backdoor

Palo Alto Networks Unit 42 has documented FlutterShell, a Flutter-built macOS backdoor distributed through malicious Google and YouTube ads served by a network of Google-verified shell companies. It is the latest stage of the CL-CRI-1089 cluster and part of the broader TamperedChef / EvilAI campaigns that push trojanized productivity software. The ads lure macOS users in the US, Canada, Australia, France, and Germany into installing fake desktop apps. Beyond adware, FlutterShell supports arbitrary shell-command execution, file-system manipulation, and environment-variable exfiltration, and on launch modifies Chrome config files to force browser traffic through an attacker-controlled intermediary. Activity was seen as recently as March 2026.

Check
Warn macOS users that Google/YouTube ads for productivity apps may be malicious. Hunt for Flutter-built apps that modify Chrome config files. Apply Unit 42 IoCs.
Affected
macOS users in the US, Canada, Australia, France, and Germany lured by malvertised fake desktop apps. FlutterShell adds backdoor command execution and Chrome-hijacking on top of adware.
Fix
Source software only from official vendor sites, not search ads. Apply Unit 42 IoCs and block the ad domains. Restore Chrome config on affected Macs and remove the apps.

JINX-0164 targets crypto firms with LinkedIn recruiter lures and macOS AUDIOFIX malware - lateral move into CI/CD code distribution

Wiz has documented JINX-0164, a previously undocumented, financially motivated threat actor that has targeted cryptocurrency firms with recruitment-themed social engineering and bespoke macOS malware since at least mid-2025. The chain starts with credible LinkedIn profiles offering virtual meetings; victims are steered to a rogue teleconference page that delivers a malicious 'meeting client.' A bash script then pulls AUDIOFIX, a Python-based macOS infostealer and RAT, from apple.driver-store[.]com. The payload is architecture-aware (Intel and Apple Silicon), saved as ChromeUpdater, masquerades as the system audio daemon coreaudiod, and persists as a launchd job loaded with launchctl. AUDIOFIX moves laterally from developer laptops into code-distribution and CI/CD infrastructure, modifying source code to steal wallets at scale.

Check
Train developer and finance teams against LinkedIn recruiter approaches followed by 'meeting client' downloads. Hunt macOS endpoints for a ChromeUpdater binary, processes named coreaudiod that do not run from /usr/sbin/coreaudiod, and LaunchDaemons or LaunchAgents your organization did not deploy.
Affected
Cryptocurrency firms and crypto-adjacent developers using macOS, especially with access to CI/CD or code-distribution infrastructure. LinkedIn recruitment lures are the dominant initial vector.
Fix
Apply Wiz IoCs including apple.driver-store[.]com. Restrict launchctl persistence to known LaunchDaemons. Require strong identity attestation before any new meeting-client install. Audit CI/CD signing keys.

FBI Director Kash Patel's merchandise site (basedapparel.com) infected with WooCommerce ClickFix macOS infostealer; site taken offline

FBI Director Kash Patel's merchandise website basedapparel[.]com was taken offline on Friday, May 22, after researchers documented a multi-stage WooCommerce compromise that stole payment data and targeted Mac users with a ClickFix attack. The site displayed a fake Cloudflare CAPTCHA prompting visitors to paste a command into their terminal; the macOS-specific shell command then downloaded a script-based infostealer that targets browsers, password vaults, and cryptocurrency wallets, compresses the data, exfiltrates it to monterushy[.]com, and deletes itself. Researchers WifiRumHam and 'debbie' analyzed the live campaign on May 21-22. Similar infections were seen across many other compromised WooCommerce sites.

Check
Search outbound traffic for connections to monterushy[.]com and similar ClickFix C2 hosts since early May. Inventory WooCommerce sites your organization operates and confirm plugin integrity.
Affected
WooCommerce-powered e-commerce sites with vulnerable or unverified plugins. Mac users who visit compromised storefronts and are prompted to paste shell commands. Brand reputation risk for high-profile site owners.
Fix
Block monterushy[.]com at egress. Audit WooCommerce plugin authenticity via official channels. Train users (especially macOS) to never paste shell commands from a website. Apply EDR rules for ClickFix patterns.

SHub Reaper macOS infostealer spoofs Apple, Google, and Microsoft in one chain - backdoor, wallet hijack, document theft

SentinelOne has documented a new variant of the SHub macOS infostealer family called Reaper. Victims are lured through fake WeChat and Miro installers hosted on typo-squatted Microsoft domains, then prompted to run what looks like an Apple security update. Reaper avoids macOS Tahoe's new Terminal protections by routing its commands through the applescript:// URL scheme. Once running, it steals browser credentials, crypto wallets, dev configs, iCloud data, and Telegram sessions, replaces legitimate Exodus, Ledger, and Trezor wallet apps with backdoored copies, and installs a persistent fake Google Software Update LaunchAgent that gives the attacker an ongoing remote shell. Files larger than 85MB are uploaded in 70MB chunks.

Check
Hunt macOS endpoints for LaunchAgents named com.google.keystone.agent.plist that point at unsigned scripts in ~/Library/Application Support/Google/GoogleUpdate.app/, and search proxy logs for traffic to hebsbsbzjsjshduxbs.xyz.
Affected
macOS users who can be social-engineered into running an installer or AppleScript prompt outside the App Store. Heavily targets developer, finance, and crypto-holding personas.
Fix
Remove the malicious LaunchAgent and its persistence script. Rotate every credential it could reach: browser-saved passwords, macOS Keychain items, crypto wallet seeds, iCloud, Telegram, and any tokens in shell history or .gitconfig. Use MDM to block, or at least alert on, LaunchAgents that run unsigned scripts.
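The Gaslight, JINX-0164 and SHub Reaper entries above all end in the same place: a launchd job whose label borrows an Apple or Google name while its program lives somewhere neither vendor would put it. The script below is an added example for this page (not code from SentinelOne, Wiz or any vendor named above) that parses LaunchAgent and LaunchDaemon plists and reports jobs matching those descriptions. The allow-lists (Apple program roots, the Keystone install root, /usr/sbin/coreaudiod) and the interpreter heuristic are assumptions to tune for your fleet; the four plists are constructed to mirror the summaries, not real indicators.

```python
"""Triage macOS launchd jobs for persistence that imitates Apple or Google.

Added example for this page, not code from SentinelOne, Wiz or any vendor
named above. The heuristics are assumptions built from the indicators in the
three summaries (com.apple-style LaunchAgents, a fake com.google.keystone.agent
pointing into ~/Library/Application Support/Google/GoogleUpdate.app/, a
coreaudiod impostor saved as ChromeUpdater); tune the allow-lists to your fleet.
"""
import plistlib
from pathlib import Path

# Roots where Apple's own launchd jobs keep their executables (simplified allow-list).
APPLE_PROGRAM_ROOTS = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
# Where Google's real Keystone agent lives, user or system scope (assumption; confirm on a clean Mac).
KEYSTONE_ROOT = "/Library/Google/GoogleSoftwareUpdate/"
# The real system audio daemon.
REAL_COREAUDIOD = "/usr/sbin/coreaudiod"
# A job that hands a script to an interpreter deserves a look even with an honest label.
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "perl"}

LAUNCHD_DIRS = [
    Path("/Library/LaunchDaemons"),
    Path("/Library/LaunchAgents"),
    Path.home() / "Library/LaunchAgents",
]


def program_of(job: dict) -> str:
    """Executable a launchd job runs: Program wins, else ProgramArguments[0]."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def triage_job(job: dict) -> list[str]:
    """Return the reasons this job deserves a look (empty list = nothing matched)."""
    label = str(job.get("Label", ""))
    prog = program_of(job)
    args = [str(a) for a in job.get("ProgramArguments") or []]
    base = Path(prog).name
    hits = []
    if label.startswith("com.apple.") and not prog.startswith(APPLE_PROGRAM_ROOTS):
        hits.append(f"Apple-style label {label} runs non-Apple path {prog}")
    if label.startswith("com.google.keystone") and not any(KEYSTONE_ROOT in a for a in [prog, *args]):
        hits.append(f"Keystone label {label} runs {args or prog} outside {KEYSTONE_ROOT}")
    if base == "coreaudiod" and prog != REAL_COREAUDIOD:
        hits.append(f"coreaudiod impostor at {prog}")
    if "ChromeUpdater" in prog or any("ChromeUpdater" in a for a in args):
        hits.append("ChromeUpdater in program path (file name AUDIOFIX is saved under)")
    if base in INTERPRETERS and len(args) > 1:
        hits.append(f"interpreter {base} launched with {args[1:]}")
    return hits


def triage_plists(plists: dict[str, bytes]) -> dict[str, list[str]]:
    """Parse {path: plist bytes} and return only the entries with findings."""
    report = {}
    for path, raw in plists.items():
        try:
            job = plistlib.loads(raw)
        except plistlib.InvalidFileException:
            report[path] = ["unparseable plist"]
            continue
        hits = triage_job(job)
        if hits:
            report[path] = hits
    return report


def scan_host() -> dict[str, list[str]]:
    """Run the triage over the live launchd directories (meaningful on macOS only)."""
    plists = {str(p): p.read_bytes()
              for d in LAUNCHD_DIRS if d.is_dir() for p in d.glob("*.plist")}
    return triage_plists(plists)


# Constructed samples modelled on the descriptions above; not real indicators.
SAMPLES = {
    "/Users/dev/Library/LaunchAgents/com.apple.updates.helper.plist": plistlib.dumps({
        "Label": "com.apple.updates.helper",
        "ProgramArguments": ["/Users/dev/Library/Application Support/.helper/agent"],
        "RunAtLoad": True}),
    "/Users/dev/Library/LaunchAgents/com.google.keystone.agent.plist": plistlib.dumps({
        "Label": "com.google.keystone.agent",
        "ProgramArguments": ["/bin/sh",
                             "/Users/dev/Library/Application Support/Google/GoogleUpdate.app/update.sh"],
        "RunAtLoad": True, "KeepAlive": True}),
    "/Library/LaunchDaemons/com.apple.audio.coreaudiod.plist": plistlib.dumps({
        "Label": "com.apple.audio.coreaudiod",
        "ProgramArguments": ["/Users/Shared/ChromeUpdater/coreaudiod", "--daemon"]}),
    "/Library/LaunchAgents/com.example.backup.plist": plistlib.dumps({
        "Label": "com.example.backup",
        "ProgramArguments": ["/Applications/BackupTool.app/Contents/MacOS/backupd"]}),
}

if __name__ == "__main__":
    for path, hits in triage_plists(SAMPLES).items():
        print(path)
        for h in hits:
            print("   ", h)
```

Run scan_host() on a Mac instead of the constructed SAMPLES to triage the real directories; anything it reports should then be checked with codesign and the file's ownership and modification time before you act on it.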

Broadcom patches macOS local privilege escalation in VMware Fusion - SETUID TOCTOU lets unprivileged users get root on the host (CVE-2026-41702)

Broadcom released a security update for VMware Fusion to fix CVE-2026-41702, a high-severity local privilege escalation that lets any non-administrative user on a Mac running Fusion become root on the host. The flaw is a time-of-check time-of-use race condition inside a SETUID binary used by Fusion - the kind of bug that turns a foothold on a developer workstation into full host control. Researcher Mathieu Farrell reported it privately. Broadcom rated the issue 'important' (CVSSv3 7.8). The advisory landed the same week as Pwn2Own Berlin, where VMware ESXi exploits can earn participants up to 200,000 dollars - Broadcom is on-site.

Check
Inventory macOS endpoints with VMware Fusion installed (especially developer, security research, and lab fleets), check the installed Fusion version against the patched 26H1 release, and review who has local user access on those Macs.
Affected
VMware Fusion 25H2 on macOS. Exploit requires local user access to the Mac but not administrative privileges - so any shared, lab, or developer workstation is in scope.
Fix
Update VMware Fusion to 26H1 from the Broadcom Support Portal. On managed Mac fleets, push the update through MDM. Until patched, limit interactive logins on Fusion-equipped Macs to trusted accounts, since any local user can exploit the race.
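Broadcom's advisory, as summarized above, only says the Fusion bug is a time-of-check time-of-use race in a SETUID binary, so the following is a generic illustration of that bug class added for this page, not VMware's code. The assumed scenario is a privileged helper that may only act on regular files owned by the invoking user while the attacker controls the path it is given: the vulnerable version checks the path and then reopens it, the hardened version opens first with O_NOFOLLOW and checks the descriptor it actually holds. The after_check hook stands in for the attacker winning the race.

```python
"""Check-then-use versus open-then-check in a privileged file helper.

Added example for this page, not VMware's code. Generic TOCTOU illustration
under an assumed policy: only regular files owned by the caller may be opened,
and the caller chooses the path. Temp files stand in for a root-only file.
"""
import errno
import os
import stat
import tempfile


def vulnerable_open(path: str, uid: int, after_check=None):
    """Check the path, then open the path: the file can change in between."""
    st = os.lstat(path)                                   # time of check
    if st.st_uid != uid or not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file owned by the caller")
    if after_check:
        after_check()                                     # attacker wins the race here
    return open(path, "rb")                               # time of use: path re-resolved


def safe_open(path: str, uid: int):
    """Open without following symlinks, then check the descriptor you hold."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NOCTTY | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)                                 # describes exactly what fd refers to
        if st.st_uid != uid or not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file owned by the caller")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


def demo() -> dict:
    """Show the vulnerable helper leaking the secret and the safe one refusing the symlink."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")   # stands in for a file the caller must not read
        target = os.path.join(d, "target")   # the path the attacker hands the helper
        with open(secret, "w") as f:
            f.write("ROOT-ONLY SECRET")
        with open(target, "w") as f:
            f.write("harmless")

        def swap():  # attacker: replace the checked file with a symlink to the secret
            os.unlink(target)
            os.symlink(secret, target)

        with vulnerable_open(target, uid, after_check=swap) as f:
            leaked = f.read().decode()

        try:                                  # target is now the symlink
            with safe_open(target, uid):
                rejected = False
        except OSError as e:
            rejected = e.errno == errno.ELOOP  # O_NOFOLLOW refuses a symlink with ELOOP
        return {"leaked": leaked, "safe_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The same shape applies in the C a setuid helper is usually written in: open (or openat relative to a directory descriptor) with O_NOFOLLOW, then fstat the descriptor and make every decision on that, never on a path you look up twice.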

Mac malware campaign uses Google ads and 'Apple Support' Claude.ai chats to install infostealer

Hackers are buying Google ads that look like they go to claude.ai - and they do go to a real claude.ai page. But the page is a shared Claude chat dressed up as 'Apple Support' walking users through installing Claude on a Mac. The instructions tell people to paste a command into Terminal that quietly downloads MacSync, a Mac infostealer that grabs saved browser passwords, cookies, and the contents of the macOS Keychain (where macOS keeps saved logins and keys). Because both the ad and the page are real claude.ai links, there is no fake domain to spot. Researcher Berk Albayrak first reported the campaign; BleepingComputer found a second active variant.

Check
Check macOS endpoint logs for Terminal executions of curl or base64 piped to bash in the last 7 days, and review who clicked sponsored Google results for 'Claude mac download'.
Affected
macOS users who searched Google for 'Claude mac download' or similar terms and ran a Terminal command from a shared Claude.ai chat attributed to 'Apple Support'. Two payload variants seen: a MacSync infostealer that exfiltrates Keychain and browser secrets, and a polymorphic in-memory shell payload that profiles the host and delivers a second stage via osascript.
Fix
Rotate browser-saved passwords and macOS Keychain credentials for any user who may have run the malicious command. Sign out and re-authenticate browser sessions to invalidate stolen cookies. Block the indicator domains customroofingcontractors[.]com and bernasibutuwqu2[.]com at network egress. Reinforce with users that they should never install software from chat or terminal instructions - only from official vendor download pages.