#macos-malware

[ follow ]
#clipboard-hijacking #supply-chain-attack #clawhub #openclaw #atomic-stealer #glassworm #open-vsx-supply-chain
Information security
fromThe Hacker News
1 day ago

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

Malicious ClawHub skills use fake prerequisites to deliver trojans and the Atomic Stealer, exposing OpenClaw users to credential theft and supply-chain compromise.
Information security
fromSecurityWeek
1 day ago

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

GlassWorm was distributed via a compromised Open VSX publisher account to deliver a macOS-focused loader that steals browser data and cryptocurrency artifacts using Solana-based C2.
Information security
fromThe Hacker News
3 months ago

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

North Korea-linked Lazarus sub-group BlueNoroff conducts GhostCall and GhostHire campaigns targeting Web3 and blockchain professionals to install malware via phishing and booby-trapped repositories.
fromTechzine Global
3 months ago

Google Ads lead macOS developers to malware

The campaign spreads the Odyssey Stealer and AMOS (Atomic macOS Stealer) malware families. Both families focus on stealing system information, browser data, and crypto wallet login details. The attacks are carefully designed to exploit developers' trust. The fake Homebrew and TradingView sites display seemingly legitimate download portals with buttons such as Copy command. When a user clicks the button, a hidden, base64-encoded Terminal command is copied to the clipboard.
Information security
Information security
fromSecurityWeek
4 months ago

New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions

XCSSET macOS malware's updated variant monitors the clipboard to hijack cryptocurrency transactions while adding persistence, browser targeting, and info-stealing capabilities.
Information security
fromThe Hacker News
4 months ago

New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module

A new XCSSET macOS malware variant targets browsers including Firefox, hijacks cryptocurrency clipboards, uses run-only AppleScripts, encryption, obfuscation, and added LaunchDaemon persistence.
Information security
fromThe Hacker News
4 months ago

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

New CHILLYHELL macOS backdoor and Go-based ZynorRAT RAT target macOS, Windows, and Linux, use persistence, C2 servers, and timestomping for stealth.
Information security
fromTechzine Global
4 months ago

macOS also contains backdoors: how the 'ChillyHell' malware works

ChillyHell is stealthy macOS malware that persists via LaunchAgent/LaunchDaemon, removes forensic artifacts, sleeps intermittently, and uses modular C2-driven capabilities to exfiltrate data.
fromHackernoon
2 years ago

The TechBeat: Turn a Regular Wallet into a Smart Account with EIP 7702 (8/11/2025) | HackerNoon

The Mac.c stealer emerges as a new significant player in the macOS infostealer sector, showcasing advanced tactics and a unique 'building in public' strategy that challenges AMOS.
Tech industry
[ Load more ]