Researchers at Kandji dug into a new stealer, using the command and control server domain appleprocesshub[.]com, first noticed by MalwareHunterTeam on Twitter (no, I will not call it X, nor will I link to anything there). Findings are both interesting and vague.
Month: May 2025
Malware campaigns targeting Ledger users
Moonlock Lab outlined four different campaigns, all targeting users of the Mac version of Ledger Live, a cryptocurrency management app. Among the other techniques described, they mentioned a newly observed technique for phishing seed phrases.
Continue reading Malware campaigns targeting Ledger users
A look at a modern Python stealer
The folks over at Jamf found and analyzed a stealer written in Python and packaged into a Mac app using PyInstaller. As they point out, Mac malware built with PyInstaller is nothing new, but to their knowledge this is the first stealer to use it. Let’s take a look.
Continue reading A look at a modern Python stealer
Malicious npm packages infect Cursor AI
On May 7, Kirill Boychenko published findings showing several malicious npm packages targeting Mac developers. The malware specifically targeted developers using the Cursor AI code editor, with the goal of stealing Cursor credentials and modifying the Cursor app.
Continue reading Malicious npm packages infect Cursor AI
Mac stealer distributed via fake CAPTCHAs
In a very interesting article on BadByte, it was revealed that a malicious CAPTCHA had been spotted on a legitimate site that had been compromised. The CAPTCHA was designed to trick the user into performing actions that would infect the machine with Atomic Stealer. Worse, this campaign, dubbed MacReaper, was then traced to around 2,800 other potentially compromised sites.
Continue reading Mac stealer distributed via fake CAPTCHAs
Banshee stealer updates
Back in January, Kaspersky posted a summary of some high-level updates to Banshee. Although it’s a bit light on specific details about the malware’s behavior, there’s still some very interesting information there.
Continue reading Banshee stealer updates
Reboot!
This blog has languished without a clear purpose ever since I created it. I simply never had time to flesh it out. It’s time for that to change. Expect to see more articles here, starting now!
Continue reading Reboot!