#MacOSAttack

New macOS stealer campaign uses Script Editor in ClickFix attack Researchers observed a new campaign delivering the Atomic Stealer to macOS users by abusing the built-in Script Editor via applescript:// links that open pre-filled malicious code. The obfuscated 'curl | zsh' payload decodes and runs a Mach-O Atomic Stealer binary that harvests Keychain items, browser wallet extensions, passwords, cookies, and system data, so users should avoid running Script Editor prompts and follow official Apple guidance. #AtomicStealer #ScriptEditor

New macOS campaign exploits Script Editor via applescript:// links on fake Apple sites, delivering Atomic Stealer to harvest Keychain, wallets, passwords, and cookies through obfuscated ‘curl | zsh’ payloads. #AtomicStealer #macOSAttack #Apple

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs Malwarebytes reports a macOS-targeted ClickFix campaign that lures victims to paste and run a Cloudflare-themed Terminal command which downloads a Bash script that deploys a Nuitka-compiled loader and the Infiniti Stealer information stealer. The Python-based stealer harvests browser credentials, Keychain items, crypto wallets, developer secrets and screenshots, exfiltrates data to a...

A new macOS attack uses a fake Cloudflare page to trick users into pasting a Terminal command that downloads a Bash script deploying Infiniti Stealer, harvesting sensitive data including browser creds and crypto wallets. #InfinitiStealer #MacOSAttack