Collecting Cyber-News from over 60 sources

Tag: macOS

North Korean crypto thieves deploy custom Mac backdoor

Jul 3, 2025 12:35 AM

Tags: apple, apt, attack, backdoor, control, crime, crypto, cyberespionage, data, detection, email, finance, government, group, hacker, infection, injection, macOS, malicious, malware, north-korea, programming, rust, theft, threat, update

North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
NimDoor crypto-theft macOS malware revives itself when killed

Jul 2, 2025 10:34 PM

Tags: crypto, hacker, macOS, malware, north-korea, theft

North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nimdoor-crypto-theft-macos-malware-revives-itself-when-killed/
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Jul 2, 2025 9:34 PM

Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threat

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
New macOS Malware Uses Process Injection and Remote Access to Steal Keychain Credentials

Jul 2, 2025 3:34 PM

Tags: access, attack, credentials, crypto, cyber, injection, macOS, malware, north-korea, threat

A sophisticated campaign by North Korean (DPRK)-aligned threat actors targeting Web3 and cryptocurrency businesses has been uncovered, showcasing an alarming evolution in macOS malware tactics. According to detailed analysis by SentinelLABS, alongside corroborating reports from Huntabil.IT and Huntress, the attackers deploy a multi-stage attack chain featuring Nim-compiled binaries, process injection techniques, and encrypted remote communications.…
Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code

Jul 1, 2025 7:34 AM

Tags: browser, chrome, cyber, exploit, flaw, google, linux, macOS, update, vulnerability, windows, zero-day

Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked asCVE-2025-6554, is atype confusionvulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms. The vulnerability was discovered by…
MacOS malware Poseidon Stealer rebranded as Odyssey Stealer

Jun 28, 2025 10:34 PM

Tags: macOS, malware

First seen on scworld.com Jump to article: www.scworld.com/news/macos-malware-poseidon-stealer-rebranded-as-odyssey-stealer
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams

Jun 26, 2025 3:36 PM

Tags: access, crypto, deep-fake, group, hacker, korea, macOS, malware, north-korea, scam

The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices and letting the hackers to get access into them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/n-korean-group-bluenoroff-uses-deepfake-zoom-calls-in-crypto-scams/
North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft

Jun 23, 2025 5:35 AM

Tags: crypto, deep-fake, macOS, malware, north-korea, scam, theft

The post North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-bluenoroff-uses-deepfakes-in-zoom-scams-to-install-macos-malware-for-crypto-theft/
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links

Jun 19, 2025 9:35 PM

Tags: attack, crypto, cyber, google, group, hacker, macOS, malicious, malware, north-korea, threat

The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google Meet invitations to deliver a barrage of malicious payloads, specifically designed for macOS systems. The…
North Korea’s BlueNoroff uses AI deepfakes to push Mac malware in fake Zoom calls

Jun 19, 2025 3:36 PM

Tags: access, ai, attack, backdoor, control, crypto, data, deep-fake, defense, detection, edr, endpoint, injection, korea, least-privilege, macOS, malicious, malware, north-korea, threat, tool, training

Campaign delivers modular, persistent, Mac-specific malware: Huntress recovered a total of eight distinct malicious binaries, each with specific tasks. The primary implant, ‘Telegram 2’, was written in Nim and embedded itself as a macOS LaunchDaemon to maintain persistence. It acted as a launchpad for the real power tools, including Go-based ‘Root Troy V4’ backdoor and…
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

Jun 19, 2025 2:35 PM

Tags: apple, attack, backdoor, crypto, cyber, deep-fake, korea, macOS, malware, north-korea, scam, threat

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received…
CISA Alerts: iOS Zero”‘Click Flaw Actively Exploited

Jun 17, 2025 9:54 AM

Tags: apple, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, macOS, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert following the discovery and active exploitation of a critical zero-click vulnerability in Apple’s ecosystem, tracked as CVE-2025-43200. This flaw, now patched, enabled attackers to compromise iOS, iPadOS, macOS, watchOS, and visionOS devices without any user interaction, raising alarms across the cybersecurity and…
NinjaOne Adds macOS MDM to Streamline Cross-Platform Endpoint Management

Jun 16, 2025 10:54 PM

Tags: endpoint, macOS

First seen on scworld.com Jump to article: www.scworld.com/news/ninjaone-adds-macos-mdm-to-streamline-cross-platform-endpoint-management
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

Jun 16, 2025 9:54 AM

Tags: credentials, cybersecurity, data, macOS, malicious, pypi, service

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, First seen on thehackernews.com Jump to article: thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Jun 13, 2025 9:54 AM

Tags: apple, cve, cyber, exploit, flaw, macOS, spy, spyware, vulnerability

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks.The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura…
Will New AI Browser Dia Redefine How We Use the Web?

Jun 12, 2025 6:54 PM

Tags: ai, macOS

Dia, a new AI browser from the makers of Arc, is available in beta on macOS, and only to existing Arc members or individuals they’ve invited. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-arc-dia-the-browser-company/
Apple tries to contain itself with lightweight Linux VMs for macOS

Jun 10, 2025 8:55 AM

Tags: apple, framework, linux, macOS

Swift-based containerization framework aims to improve performance and security First seen on theregister.com Jump to article: www.theregister.com/2025/06/10/apple_tries_to_contain_itself/
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Jun 6, 2025 7:55 PM

Tags: apple, cybersecurity, exploit, macOS, malware, social-engineering

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems.The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum.”macOS users are served a…
What the Arc Browser Story Reveals About the Future of Browser Security

Jun 5, 2025 5:54 AM

Tags: ai, antivirus, api, browser, ceo, chrome, ciso, crypto, data, email, github, infrastructure, jobs, LLM, macOS, malware, password, phishing, saas, software, startup, update, vulnerability, windows

By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
Exploiting Clickfix: AMOS macOS Stealer Evades Security to Deploy Malicious Code

Jun 4, 2025 7:55 PM

Tags: cyber, exploit, infrastructure, Internet, macOS, malicious, social-engineering

A newly uncovered campaign involving an Atomic macOS Stealer (AMOS) variant has emerged, showcasing the evolving sophistication of multi-platform social engineering attacks. This campaign, discovered during routine attacker infrastructure analysis, leverages typo-squatted domains mimicking Spectrum, a prominent U.S.-based telecommunications provider offering cable television, internet, and managed services. By employing the Clickfix method, attackers deliver tailored…
Dark Partner Hackers Leverage Fake AI, VPN, and Crypto Sites to Target macOS and Windows Users

May 29, 2025 3:55 PM

Tags: ai, crypto, cyber, cybersecurity, group, hacker, macOS, malware, network, service, software, vpn, windows

A group dubbed >>Dark Partners
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
Researchers Uncover macOS ‘AppleProcessHub’ Stealer: TTPs and C2 Server Details Revealed

May 27, 2025 12:54 PM

Tags: apple, cyber, detection, macOS, malware, tactics, threat

Researchers have identified a novel information-stealing malware dubbed ‘AppleProcessHub,’ designed to infiltrate Apple systems and exfiltrate sensitive user data. This discovery sheds light on an evolving threat landscape where macOS, often considered a secure platform, is increasingly becoming a target for sophisticated adversaries. The malware employs advanced tactics, techniques, and procedures (TTPs) to evade detection…
How Google Meet Pages Are Exploited to Deliver PowerShell Malware

May 27, 2025 8:54 AM

Tags: attack, cyber, cyberattack, email, exploit, google, macOS, malicious, malware, phishing, powershell, social-engineering, tactics, windows

A new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional security measures and targeting Windows and macOS systems. The attack begins with phishing emails containing links that closely…
Arms Cyber Expands Ransomware Protection to macOS Devices

May 23, 2025 10:55 PM

Tags: cyber, macOS, ransomware

First seen on scworld.com Jump to article: www.scworld.com/news/arms-cyber-expands-ransomware-protections-to-macos-devices
Novel macOS malware campaign involves fraudulent Ledger apps

May 23, 2025 10:55 PM

Tags: macOS, malware

First seen on scworld.com Jump to article: www.scworld.com/brief/novel-macos-malware-campaign-involves-fraudulent-ledger-apps
Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

May 23, 2025 7:55 PM

Tags: crypto, cyber, hacker, macOS, malicious, malware, password

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application for managing crypto assets via Ledger cold wallets. Since August 2024, Moonlock Lab has been tracking a malware campaign that initially focused on stealing passwords and wallet details but has now evolved to extract seed phrases, enabling attackers to drain…
Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges

May 23, 2025 11:55 AM

Tags: apple, cve, cvss, cyber, flaw, macOS, vulnerability

Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU kernel that underpins macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw, which carries a CVSS score of 8.8 (vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), enables local attackers to escalate privileges and potentially execute arbitrary code with kernel-level access. The vulnerability was discovered by Michael…
Hackers use fake Ledger apps to steal Mac users’ seed phrases

May 22, 2025 7:55 PM

Tags: access, crypto, cybercrime, hacker, macOS, malware

Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/