A new variant of the SHub macOS infostealer, dubbed Reaper, employs a multi-stage execution chain that impersonates Apple, Microsoft, and Google to trick users into running malicious code. Once executed, it steals browser data, credentials from password managers, and cryptocurrency wallets while establishing persistence for continued access. This variant notably shifts away from earlier ClickFix social engineering techniques to a new, unspecified delivery method.
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found.

ClickFix gives way to a new delivery method

Consistent with earlier SHub versions, Reaper uses a multi-stage execution chain. Researchers said this variant shifts away from standard ClickFix social engineering techniques, where victims are tricked into pasting commands into …

The post New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain appeared first on Help Net Security.