Collecting Cyber-News from over 60 sources

Tag: macOS

New Infinity Stealer malware grabs macOS data via ClickFix lures

Mar 28, 2026 4:30 PM

Tags: data, macOS, malware, open-source

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

Mar 26, 2026 10:47 PM

Tags: captcha, macOS, malicious

A new macOS infostealer, NukeChain (now Infiniti Stealer), uses fake CAPTCHA pages to trick users into running malicious commands. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka/
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware

Mar 26, 2026 4:47 PM

Tags: attack, cyber, exploit, group, macOS, malware, threat, windows

Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May 2024, with lures impersonating brands such as Intuit QuickBooks and Booking.com. Using Recorded Future’s HTML…
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads

Mar 26, 2026 2:47 PM

Tags: ai, credentials, cyber, github, macOS, malware, threat

GhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at least eight additional samples hosted in GitHub repositories that impersonate trading bots, SDKs, and developer tools.…
MioLab MacOS Stealer Expands With ClickFix, Wallet Theft, Team APIs

Mar 23, 2026 12:47 PM

Tags: api, apple, cyber, cybercrime, macOS, theft

As Apple’s macOS footprint grows in both consumer and enterprise environments, dedicated infostealers like MioLab (aka Nova) show that Macs are no longer a niche target but a priority for cybercrime ecosystems. Marketed as a premium Malware”‘as”‘a”‘Service (MaaS) on Russian”‘language forums, MioLab combines an evasive macOS binary with a mature web panel, new ClickFix delivery…
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution

Mar 20, 2026 2:09 PM

Tags: browser, chrome, cyber, google, linux, macOS, malicious, update, vulnerability, windows

Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. This substantial patch cycle is actively rolling out…
Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS

Mar 19, 2026 1:10 PM

Tags: api, apple, cve, macOS, update, vulnerability

Apple has released a new security update to address a critical WebKit vulnerability tracked as CVE-2026-20643. The vulnerability was identified as a cross-origin issue within the Navigation API of WebKit, the browser engine that underpins Safari and other web-based functionality across iOS, iPadOS, and macOS. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/webkit-vulnerability-fixed-in-apple-update/
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks

Mar 18, 2026 2:10 PM

Tags: apple, attack, cyber, flaw, iphone, macOS, update, vulnerability

Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, this targeted patch secures Apple devices against potential Same Origin Policy violations without requiring a full operating system…
Apple starts issuing lightweight security updates between software releases

Mar 18, 2026 1:09 PM

Tags: apple, macOS, software, update

Apple is delivering small security updates, called Background Security Improvements, starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. Apple describes Background Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/apple-background-security-improvements-updates/
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Mar 18, 2026 9:10 AM

Tags: api, apple, cve, exploit, flaw, macOS, vulnerability

Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS.The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit’s Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted…
In macOS, iOS & iPadOS – 7 Zero Days bei Apple, 3 davon aktiv ausgenutzt

Mar 18, 2026 8:09 AM

Tags: apple, macOS, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/apple-zero-day-luecken-macos-ios-ipados-safari-a-9d9af57062fda0e539e17406e879db48/
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

Mar 17, 2026 11:10 AM

Tags: attack, chatgpt, macOS, malicious, social-engineering, sophos, tactics, windows

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack

Mar 17, 2026 8:10 AM

Tags: access, attack, cyber, linux, macOS, malicious, rat, software, supply-chain, windows

Malicious npm packages are delivering the North Koreanlinked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a…
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Mar 16, 2026 2:09 PM

Tags: ai, attack, exploit, macOS, tool

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync.”Unlike traditional exploit-based attacks, this method relies entirely on user interaction usually in the form of copying and executing commands making it particularly effective against users who may not appreciate the implications of…
macOS-Nutzer geraten stärker ins Visier von Cyberkriminellen

Mar 16, 2026 12:10 PM

Tags: cyberattack, macOS

Sicherheitsforscher beobachten eine zunehmende Zahl gezielter Angriffe auf macOS-Systeme. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/macos-nutzer-gerate-cyberkriminellen
MacOS-Nutzer verstärkt im Visier von Social-Engineering-Attacken

Mar 12, 2026 3:10 PM

Tags: exploit, macOS, malware, social-engineering, software, sophos

Sophos-X-Ops stellt einen Anstieg von Clickfix- und Infostealer-Kampagnen für das Betriebssystem MacOS fest und verzeichnet neue Techniken sowohl bei den Ködern als auch bei den Malware-Fähigkeiten. Clickfix ist eine zunehmend verbreitete Social-Engineering-Technik, mit der Angreifer die Anwender dazu verleiten, schädliche Software auf ihren Geräten zu installieren. Im Gegensatz zu herkömmlichen, Exploit-basierten Angriffen basiert diese Methode…
Sophos X-Ops analysiert ClickFix- und macOS-Infostealer-Kampagnen

Mar 12, 2026 3:10 PM

Tags: macOS, malware, sophos

Sophos X-Ops stellt einen Anstieg von ClickFix- und Infostealer-Kampagnen für das Betriebssystem macOS fest und verzeichnet neue Techniken bei den Ködern und Malware First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-analysiert-clickfix-und-macos-infostealer-kampagnen/a44103/
New ClickFix Attacks Target macOS Users with MacSync Infostealer

Mar 12, 2026 1:09 PM

Tags: apple, attack, cyber, exploit, macOS, malicious, social-engineering, software, tactics, threat

A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
New ClickFix Attacks Target macOS Users with MacSync Infostealer

Mar 12, 2026 1:09 PM

Tags: apple, attack, cyber, exploit, macOS, malicious, social-engineering, software, tactics, threat

A new wave of ClickFix campaigns targeting macOS users and delivering the MacSync infostealer, signaling a growing shift in threat actor tactics against Apple devices. The attacks rely heavily on social engineering rather than software exploits, tricking users into manually executing malicious commands in macOS Terminal. ClickFix is a deceptive technique where attackers present step”‘by”‘step…
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Mar 12, 2026 12:10 PM

Tags: apple, cve, exploit, flaw, iphone, macOS, update, vulnerability

Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content.…
March Patch Tuesday: Three high severity holes in Microsoft Office

Mar 11, 2026 1:48 AM

Tags: ai, apache, backup, browser, chrome, cloud, credentials, cve, cvss, cyber, email, endpoint, exploit, google, incident, incident response, injection, insurance, iot, linux, macOS, malicious, microsoft, network, office, sap, soc, sql, tool, update, vulnerability, windows

aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
Fake Claude Code Spreads Malware to Windows, macOS Users

Mar 10, 2026 6:46 PM

Tags: macOS, malicious, malware, windows

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems. The post Fake Claude Code Spreads Malware to Windows, macOS Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-claude-code-install-pages-malware-windows-macos/
CleanMyMac Imposter Site Installs SHub Stealer on Macs

Mar 9, 2026 8:48 PM

Tags: credentials, crypto, macOS, malware

A fake CleanMyMac site tricks macOS users into installing SHub Stealer malware that steals credentials and crypto wallets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cleanmymac-imposter-site-installs-shub-stealer-on-macs/
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mar 9, 2026 8:48 PM

Tags: access, credentials, cybersecurity, data, macOS, malicious, rat

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library…
Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS

Mar 9, 2026 7:48 PM

Tags: attack, crypto, macOS, password

Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets. First seen on hackread.com Jump to article: hackread.com/fake-cleanmymac-site-clickfix-shub-stealer-macos/
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets

Mar 9, 2026 3:48 PM

Tags: crypto, cyber, hacker, macOS

Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead of offering a standard installer, the page shows an “advanced” installation step telling users to “Open Terminal and paste the following command,” a pattern known in recent Mac campaigns as…
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution

Mar 9, 2026 8:47 AM

Tags: computer, cyber, data, macOS, malicious, open-source, tool, vulnerability

ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. It’s the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism. Can a computer really get infected just by processing an image even on macOS, often (incorrectly) thought to be immune to…
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS

Mar 9, 2026 7:47 AM

Tags: cve, cyber, flaw, kaspersky, macOS, malicious, malware, open-source, vulnerability

Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered a critical flaw, tracked as CVE-2026-3102, within ExifTool. ExifTool is a widely popular open-source application and library for extracting and editing file metadata. If a macOS user processes a specially…
CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS

Mar 9, 2026 6:48 AM

Tags: apple, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, macOS, network, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three actively exploited vulnerabilities affecting multiple Apple platforms. On March 5, 2026, CISA added these security flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate attention from network defenders and system administrators. These vulnerabilities impact a wide range of Apple devices…
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

Mar 6, 2026 2:47 PM

Tags: backdoor, credentials, crypto, macOS

We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fake-cleanmymac-site-installs-shub-stealer-and-backdoors-crypto-wallets/