The Role of Domain-Specific Features in Malware Detection: A MacOS Case Study

Despite the growing popularity of macOS among end users and enterprise systems, malware research has primarily focused on Windows and Android operating systems, leaving the problem of macOS malware detection relatively unexplored. Indeed, the specificity of the operating system and the unique...

Fake BlueWallet steals passwords, accounts, and crypto from Macs

A fake website impersonating BlueWallet a real Bitcoin wallet is targeting Mac users with a simple but effective attack. BlueWallet itself has not been compromised. Instead, cybercriminals have stolen the name and branding of the legitimate Bitcoin wallet to make a malicious download appear...

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering...

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations...

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

A convincing fake version of the popular Mac utility CleanMyMac is tricking users into installing malware. The site instructs visitors to paste a command into Terminal. If they do, it installs SHub Stealer, macOS malware designed to steal sensitive data including saved passwords, browser data,...

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware

Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…...

Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware

Researchers have discovered a new attack targeting Mac users. It lures them to a fake job website, then tricks them into downloading malware via a bogus software update. The attackers pose as recruiters and contact people via LinkedIn, encouraging them to apply for a role. As part of the...

ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy

A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden,…...

COOKIE SPIDER’s Malvertising Drops New SHAMOS macOS Malware

CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware a new variant of AMOS infostealer, stealing…...

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the...

N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates

SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data...

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber...

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,"...

`rands` was removed from crates.io for malicious code

This crate attempted to typosquat the rand crate, and would link in a malware payload on macOS and Linux hosts when built. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available. The related...

New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption

Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check...

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist

Plus: An “AI granny” is wasting scammers’ time, a lawsuit goes after spyware-maker NSO Group’s executives, and North Korea–linked hackers take a crack at macOS malware...

North Korean Hackers Target macOS Using Flutter-Embedded Malware

Threat actors with ties to the Democratic People's Republic of Korea DPRK aka North Korea have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery...

A week in security (September 2 – September 8)

Last week on Malwarebytes Labs: Lowe’s employees phished via Google ads Planned Parenthood partly offline after ransomware attack "Hello pervert" sextortion scam includes new threat of Pegasus—and a picture of your home How to avoid election related scams London’s city transport hit by...

New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data

Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been...

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne,...