#macos-malware

Information security
from The Hacker News
1 day ago

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

North Korea-linked Lazarus sub-group BlueNoroff conducts GhostCall and GhostHire campaigns targeting Web3 and blockchain professionals to install malware via phishing and booby-trapped repositories.
from Techzine Global
2 weeks ago

Google Ads lead macOS developers to malware

The campaign spreads the Odyssey Stealer and AMOS (Atomic macOS Stealer) malware families. Both families focus on stealing system information, browser data, and crypto wallet login details. The attacks are carefully designed to exploit developers' trust. The fake Homebrew and TradingView sites display seemingly legitimate download portals with buttons such as Copy command. When a user clicks the button, a hidden, base64-encoded Terminal command is copied to the clipboard.
Information security
from SecurityWeek
1 month ago

New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions

XCSSET macOS malware's updated variant monitors the clipboard to hijack cryptocurrency transactions while adding persistence, browser targeting, and info-stealing capabilities.
Information security
from The Hacker News
1 month ago

New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module

A new XCSSET macOS malware variant targets browsers including Firefox, hijacks cryptocurrency clipboards, uses run-only AppleScripts, encryption, obfuscation, and added LaunchDaemon persistence.
Information security
from The Hacker News
1 month ago

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

New CHILLYHELL macOS backdoor and Go-based ZynorRAT RAT target macOS, Windows, and Linux, use persistence, C2 servers, and timestomping for stealth.
Information security
from Techzine Global
1 month ago

macOS also contains backdoors: how the 'ChillyHell' malware works

ChillyHell is stealthy macOS malware that persists via LaunchAgent/LaunchDaemon, removes forensic artifacts, sleeps intermittently, and uses modular C2-driven capabilities to exfiltrate data.
from Hackernoon
1 year ago

The TechBeat: Turn a Regular Wallet into a Smart Account with EIP 7702 (8/11/2025) | HackerNoon

The Mac.c stealer emerges as a new significant player in the macOS infostealer sector, showcasing advanced tactics and a unique 'building in public' strategy that challenges AMOS.
Tech industry