Tag: macOS
-
Sophos X-Ops analysiert ClickFix- und macOS-Infostealer-Kampagnen
Sophos X-Ops stellt einen Anstieg von ClickFix- und Infostealer-Kampagnen für das Betriebssystem macOS fest und verzeichnet neue Techniken bei den Ködern und Malware First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-analysiert-clickfix-und-macos-infostealer-kampagnen/a44103/
-
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content.…
-
March Patch Tuesday: Three high severity holes in Microsoft Office
aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
-
Fake Claude Code Spreads Malware to Windows, macOS Users
Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems. The post Fake Claude Code Spreads Malware to Windows, macOS Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-claude-code-install-pages-malware-windows-macos/
-
CleanMyMac Imposter Site Installs SHub Stealer on Macs
A fake CleanMyMac site tricks macOS users into installing SHub Stealer malware that steals credentials and crypto wallets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cleanmymac-imposter-site-installs-shub-stealer-on-macs/
-
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library…
-
Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS
Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets. First seen on hackread.com Jump to article: hackread.com/fake-cleanmymac-site-clickfix-shub-stealer-macos/
-
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead of offering a standard installer, the page shows an “advanced” installation step telling users to “Open Terminal and paste the following command,” a pattern known in recent Mac campaigns as…
-
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution
ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. It’s the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism. Can a computer really get infected just by processing an image even on macOS, often (incorrectly) thought to be immune to…
-
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS
Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered a critical flaw, tracked as CVE-2026-3102, within ExifTool. ExifTool is a widely popular open-source application and library for extracting and editing file metadata. If a macOS user processes a specially…
-
CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS
Tags: apple, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, macOS, network, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three actively exploited vulnerabilities affecting multiple Apple platforms. On March 5, 2026, CISA added these security flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate attention from network defenders and system administrators. These vulnerabilities impact a wide range of Apple devices…
-
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fake-cleanmymac-site-installs-shub-stealer-and-backdoors-crypto-wallets/
-
Perplexity’s Comet Browser Breached Through Calendar Invite Attack
Security researchers at Zenity Labs disclosed a critical flaw in Perplexity’s Comet “agentic” browser that allowed attackers to steal local files using a malicious Google Calendar invite. The issue, dubbed PerplexedBrowser and grouped under Zenity’s “PleaseFix” family, affected Comet on macOS, Windows, and Android and was rated P1 (critical) in Bugcrowd. The attack required no…
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A high-severity security vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code with root privileges without requiring any user interaction. The attack bypasses standard macOS security features, including code signature verification, and grants a local attacker complete control over the compromised system.”‹…
-
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed >>malext,<< which steals sensitive data such as browser credentials and crypto wallets. Suspicious password prompts halted the compromise, revealing initial domains like optimize-storage-mac-os[.]medium[.]com, octopox[.]com, and vagturk[.]com."‹ Google Ads Library exposed over…
-
Researchers Expose DigitStealer C2 Infrastructure Targeting macOS Users
DigitStealer’s expanding command-and-control (C2) footprint is exposing more of its backend than its operators likely intended, giving defenders fresh opportunities to track and block new infrastructure linked to the macOS”‘targeting infostealer. Unlike many popular stealers, it does not expose a web panel for affiliates, strongly suggesting a closed-operation rather than a broad malware”‘as”‘a”‘service (MaaS) offering.…
-
ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer. The campaign shows how attackers can skip exploit chains entirely and instead rely on users to run the payload for them.”‹ The attack starts with typosquatted domains that closely mimic…
-
Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build
Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not…
-
DigitStealer Infostealer Targets macOS, Revealing Critical Infrastructure Vulnerabilities
DigitStealer is an increasingly active macOS”‘targeting infostealer whose predictable command”‘and”‘control (C2) setup exposes structural weaknesses in its operators’ infrastructure decisions. While technically sophisticated on the endpoint, its reuse of the same providers, protocols, and registration patterns has made much of its backend unusually easy to fingerprint and track. The malware is typically delivered via spoofed…
-
Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat
Attackers have weaponized a malicious fork of the legitimate Triton macOS client for omg.lol, turning a trusted open-source project into a delivery channel for Windows malware hosted on GitHub. The campaign abuses GitHub’s forking model, misleading README content, and obscure asset paths to trick users into downloading a trojanized archive named Software_3.1.zip. The malicious actor…
-
Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat
Attackers have weaponized a malicious fork of the legitimate Triton macOS client for omg.lol, turning a trusted open-source project into a delivery channel for Windows malware hosted on GitHub. The campaign abuses GitHub’s forking model, misleading README content, and obscure asset paths to trick users into downloading a trojanized archive named Software_3.1.zip. The malicious actor…
-
Apple Tests EndEnd Encrypted RCS Messaging in iOS 26.4 Developer Beta
Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages.The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS.”End-to-end encryption…
-
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel to version 145.0.7632.75/.76 for Windows and macOS users, and version 144.0.7559.75 for Linux users. This…