Researchers have identified a new malware targeting macOS systems called CrashStealer, designed to steal sensitive information from compromised devices. What sets CrashStealer apart from other malware is its use of native C++ for implementation, rather than the more common AppleScript or Objective-C methods. This malware can validate the victim's login password locally, making it harder to detect. The use of a notarized dropper allows it to bypass Apple's Gatekeeper security checks, increasing its chances of successfully infecting systems. Users of macOS should be cautious and ensure their devices are protected against such threats, as this malware can lead to significant data breaches.
Articles tagged "macOS"
Found 34 articles
SCM feed for Latest
QuimaRAT is a new type of malware that can target multiple operating systems, including Windows, Linux, and macOS. It operates on a modular architecture, which means it can expand its capabilities through encrypted plugins that are delivered via a command-and-control infrastructure. This flexibility allows attackers to adapt the malware for various malicious purposes. The versatility of QuimaRAT raises concerns for users across different platforms, as it poses a significant risk to both personal and organizational security. Companies and individuals should be vigilant and consider implementing security measures to protect their systems from this evolving threat.
Researchers from Jamf Threat Labs have identified a new malware targeting macOS users, named PamStealer. This information stealer masquerades as a legitimate application called Maccy, which is a popular open-source clipboard manager. By distributing a compiled AppleScript file that looks legitimate, PamStealer tricks users into downloading it. Once installed, it seeks to extract sensitive information, including Mac login passwords. This incident is concerning for Mac users, as it highlights the ongoing risks posed by malware that exploits trusted applications to gain access to personal data.
Help Net Security
Attackers are currently exploiting a vulnerability in SimpleHelp, identified as CVE-2026-48558, which allows for an authentication bypass. This vulnerability has been patched, but it is actively being used to deploy Djinn Stealer malware on victim systems. Djinn Stealer is a versatile piece of malware that targets various operating systems, including Windows, macOS, and Linux. It collects sensitive credentials from a wide range of applications, including cloud services, source control, and cryptocurrency wallets. The situation poses a significant risk to users of SimpleHelp, particularly managed service providers, as the malware can compromise sensitive data and systems.
Hackers are taking advantage of a serious vulnerability (CVE-2026-48558) in SimpleHelp, a remote support software, to deploy a new type of malware known as Djinn Stealer. This malware is capable of stealing information across multiple operating systems, including Windows, macOS, and Linux. Users of SimpleHelp are at risk as the flaw allows attackers to infiltrate systems and extract sensitive data without detection. The emergence of this undocumented malware raises concerns about the security of remote support tools, as they are commonly used by businesses and individuals for remote access. It is crucial for users to remain vigilant and apply any necessary updates to protect their information.
Cybersecurity researchers have identified two hijacked npm packages and several compromised Go packages that are being used to deliver a Python-based information stealer to affected systems. This malware targets Windows, Linux, and macOS devices, making it a broad threat to developers and users of these platforms. Notably, the attack circumvents common npm execution paths, which may be an effort to bypass security measures introduced in npm version 12. The presence of these malicious packages poses a significant risk, as they could lead to unauthorized data access and theft. Developers and users need to be vigilant and ensure they are not using these compromised packages in their projects.
A recently discovered flaw in macOS allows standard users to disable Endpoint Detection and Response (EDR) and Mobile Device Management (MDM) features, which are critical for maintaining device security and management. This vulnerability could be exploited by malicious actors to weaken security controls, making it easier for them to execute attacks or gain unauthorized access to sensitive data. All macOS versions that support EDR and MDM functionalities are affected. Organizations using these features should be particularly vigilant, as the ability for unauthorized users to disable such protections can lead to significant security risks. As of now, there is no indication that this vulnerability is being actively exploited in the wild, but the potential for misuse remains a concern for IT departments.
Help Net Security
Homebrew, the popular package manager for macOS, is enhancing its security with the introduction of a new requirement for third-party taps. Starting with version 6.0.0, any tap and its associated formula or cask must be explicitly trusted before the Ruby code is executed. This change aims to mitigate risks associated with running unverified code from external sources, which previously could execute without any restrictions. Official Homebrew taps will remain trusted by default, but users will now have options to manage trust levels for additional taps. This move is significant for users who rely on third-party software, as it adds an extra layer of security against potentially malicious code.
The Hacker News
This week saw several cybersecurity incidents that highlight ongoing vulnerabilities in various systems. A zero-day vulnerability was discovered in Google Chrome, which could allow attackers to execute arbitrary code. Additionally, exploits affecting UniFi devices were reported, taking advantage of outdated software. Cybercriminals are also utilizing phishing kits that are increasingly easy to rent, making them more accessible to a wider range of attackers. Meanwhile, macOS systems are facing threats from new data-stealing malware, and a flaw in VPN services was identified, potentially exposing user data. These incidents remind users and organizations of the continuous need to update their software and remain vigilant against evolving cyber threats.
The Hacker News
A new cyber campaign has emerged, targeting cryptocurrency firms through deceptive recruitment tactics and custom malware designed for macOS systems. Researchers from Wiz have identified this threat actor, known as JINX-0164, which employs social engineering to lure victims into downloading malicious software. The malware is tailored to exploit continuous integration and continuous deployment (CI/CD) infrastructures, increasing the risk of digital asset theft for affected organizations. As cryptocurrency firms often handle significant amounts of valuable digital assets, these attacks could lead to substantial financial losses and damage to their reputations. Companies in the crypto space need to be vigilant and enhance their security measures to protect against these sophisticated threats.
Hackread – Cybersecurity News, Data Breaches, AI and More
FBI Chief Kash Patel's clothing store fell victim to a ClickFix infostealer attack, which specifically targeted macOS users. The hackers tricked these users into downloading malware that steals sensitive information. This incident raises concerns not only for Patel as a public figure but also for the broader implications of malware targeting retail platforms. Such attacks can lead to significant data breaches, impacting customer trust and potentially leading to financial losses. Users of the compromised store should be vigilant about their personal data and consider reviewing their security measures to prevent similar threats in the future.
Researchers have identified a vulnerability in ExifTool, a widely used tool for reading and writing metadata in image files, that could allow attackers to compromise macOS systems through malicious images. This vulnerability, tracked as CVE-2026-3102, poses a significant risk to users who handle image files, as it enables the execution of harmful code when a malicious image is processed. Users running macOS could be particularly affected, especially those who frequently use ExifTool or similar applications. The implications are serious, as attackers could exploit this flaw to gain unauthorized access to systems, potentially leading to data breaches or other malicious activities. It’s crucial for users to stay informed about this issue and take appropriate steps to protect their systems.
A new variant of the SHub macOS infostealer has been discovered that tricks users into believing they need to install a security update. Using AppleScript, this malware presents a fake update message, which, when interacted with, leads to the installation of a backdoor on the user's system. This malicious software primarily targets macOS users, potentially compromising their personal information and system integrity. The ability to deceive users with a legitimate-looking update notice makes this variant particularly concerning. It underscores the need for users to be vigilant about unexpected prompts and verify updates directly from Apple's official channels.
The Hacker News
OpenAI reported that two of its employee devices were compromised due to a supply chain attack linked to TanStack, specifically the Mini Shai-Hulud incident. Fortunately, the company confirmed that no user data, production systems, or intellectual property were altered or stolen during this attack. Upon discovering the malicious activity, OpenAI swiftly initiated an investigation and took measures to contain the situation. This incident underscores the ongoing risks associated with supply chain vulnerabilities, highlighting the need for organizations to remain vigilant against such attacks. While no sensitive information was impacted, the event serves as a reminder of the potential threats lurking in software dependencies.
Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft researchers have identified a new scam called ClickFix that targets macOS users. Attackers are creating fake troubleshooting guides on platforms like Medium and Craft, tricking users into executing Terminal commands that deploy malicious software known as AMOS and SHub Stealer. This malware is designed to steal iCloud data, which can lead to significant personal and financial loss for affected users. The campaign highlights the need for vigilance among macOS users, as these deceptive tactics can easily lure unsuspecting individuals into compromising their personal information. Awareness and skepticism towards unsolicited troubleshooting advice are crucial in protecting one's digital assets.