Tag: macOS
-
Malicious GitHub pages lure MacOS users into installing Atomic infostealer
MacOS users looking to download popular software such as LastPass, 1Password, After Effects, Gemini, and many others are in danger of getting saddled with the Atomic … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/22/macos-infostealer-campaign-github/
-
Beware: GitHub repos distributing Atomic Infostealer on macOS
LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. >>The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting…
-
Hackers Abuse GitHub Pages to Spread Stealer Malware to macOS Users
A sophisticated malware campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads, with threat actors exploiting search engine optimization tactics to deliver malicious links directly to unsuspecting victims. The LastPass Threat Intelligence, Mitigation, and Escalation team has identified an ongoing widespread infostealer operation that specifically targets macOS users through…
-
Hackers Abuse GitHub Pages to Spread Stealer Malware to macOS Users
A sophisticated malware campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads, with threat actors exploiting search engine optimization tactics to deliver malicious links directly to unsuspecting victims. The LastPass Threat Intelligence, Mitigation, and Escalation team has identified an ongoing widespread infostealer operation that specifically targets macOS users through…
-
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools.”In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware,” researchers Alex Cox, Mike Kosak, and First seen on thehackernews.com…
-
Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer
Hackers are posing as Empire podcast hosts, tricking crypto influencers and developers with fake interview invites to deliver macOS AMOS Stealer malware. First seen on hackread.com Jump to article: hackread.com/fake-empire-podcast-invites-crypto-macos-amos-stealer/
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
Apple Releases iOS 26, macOS Tahoe 26 and 50+ Security Fixes
Apple just fixed more than 50 security flaws across iPhone, iPad, Mac, Watch, TV, and Vision Pro. The post Apple Releases iOS 26, macOS Tahoe 26 and 50+ Security Fixes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-ios26-macos26-release-security-fixes/
-
VirtualBox 7.2.2 Update Released with Fix for Guest GUI Crashes
Oracle has released VirtualBox 7.2.2, a critical maintenance update that addresses multiple GUI crashes and stability issues affecting users across Windows, Linux, and macOS platforms. Released on September 10, 2025, this update represents a significant improvement in the virtualization software’s reliability and user experience. Critical GUI Crash Fixes Implemented The most significant improvements in VirtualBox…
-
Breach Roundup: Vidar Strikes Back
Also, Akira Ransomware Resumes Attacks Via SonicWall Flaws. This week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn’t hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.…
-
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden,… First seen on hackread.com Jump to article: hackread.com/chillyhell-macos-malware-resurfaces-google-com-decoy/
-
ChillyHell macOS Malware: Three Methods of Compromise and Persistence
A new wave of macOS-targeted malware has emerged under the radar”, despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence using several different mechanisms. The malware, dubbed ChillyHell, has evaded popular antivirus detections even…
-
Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years
‘We do believe that this was likely the creation of a cybercrime group,’ threat hunter tells The Reg First seen on theregister.com Jump to article: www.theregister.com/2025/09/10/chillyhell_modular_macos_malware/
-
Dormant macOS Backdoor ChillyHell Resurfaces
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dormant-macos-backdoor-chillyhell-resurfaces
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.CHILLYHELL is the name assigned…
-
Cursor’s autorun lets hackers execute arbitrary code
Security Debt in the Cursor Ecosystem: The disclosure isn’t an isolated scenario. Earlier this year, Cursor was already targeted by campaigns like CurXecute and MCPoison, along with npm package tampering aimed at macOS users. Barr warned that the .vscode/tasks.json issue is “just another piece of the same puzzle: attackers are looking deep into Cursor’s ecosystem…
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.CHILLYHELL is the name assigned…
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.CHILLYHELL is the name assigned…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
macOS Under Attack: Atomic Stealer Hidden in Pirated Software
The cybersecurity landscape for macOS users has taken a dangerous turn as cybercriminals increasingly target Apple’s ecosystem with sophisticated malware campaigns. Atomic macOS Stealer (AMOS), a specialized data-theft malware, has emerged as one of the most significant threats to Mac users, particularly those seeking cracked software applications. While macOS has historically maintained a reputation as…
-
Hackers Exploit Fake Microsoft Teams Site to Spread Odyssey macOS Stealer
Cybercriminals have escalated their attacks against macOS users by deploying a sophisticated new campaign that leverages a fraudulent Microsoft Teams download site to distribute the dangerous Odyssey stealer malware. This development represents a significant evolution from earlier attacks that primarily targeted users through fake trading platforms. The malicious campaign first came to light in early…
-
macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-stealer-cracked-apps-bypass/
-
macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-stealer-cracked-apps-bypass/
-
macOS vulnerability allowed Keychain and iOS app decryption without a password
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/
-
Zero-Click Spyware Hits WhatsApp on iOS and macOS
A WhatsApp zero-click flaw exploited in spyware attacks has been patched on iOS and macOS. Update now to protect your devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/zero-day-spyware-hits-whatsapp/
-
Unter iOS und macOS Click-Sicherheitslücke in WhatsApp
First seen on security-insider.de Jump to article: www.security-insider.de/whatsapp-sicherheitsluecke-update-ios-macos-a-b7b6ebf685cf60e3c88666f696263bc7/
-
Hackers Exploit macOS Security Features to Spread Malware
A growing wave of sophisticated attacks is turning macOS’s built-in security defenses into avenues for malware distribution, according to recent security research. As macOS continues to gain market share, cybercriminals are adapting their strategies to exploit even the most robust Apple protections. Analysts warn that relying solely on native safeguards may leave organizations vulnerable to…
-
Bei Digital-Produkten auch auf Ausfallrisiken achten
Das BSI empfiehlt Nutzern von digitalen Produkten darauf zu achten, wie der Hersteller mit Sicherheitsrisiken umgeht.Das Bundesamt für Sicherheit in der Informationstechnik (BSI) rät bei der Auswahl digitaler Produkte darauf zu achten, ob es Ausfallrisiken gibt. Eine Sprecherin der Behörde sagte der Deutschen Presse-Agentur auf die Frage, worauf Nutzer bei der Auswahl von Online-Bezahlsystemen achten…
-
Ohne Nutzerinteraktion: Apple-Nutzer über gefährliche Whatsapp-Lücke attackiert
Angreifer haben über Whatsapp für iOS und MacOS ohne Zutun der Zielperson Malware eingeschleust. Meta liefert Patches und alarmiert Betroffene. First seen on golem.de Jump to article: www.golem.de/news/ohne-nutzerinteraktion-apple-nutzer-ueber-gefaehrliche-whatsapp-luecke-attackiert-2509-199670.html