New infostealer malware hides on Mac disguised as official Apple tools
A new macOS infostealer malware named SHub Reaper disguises itself as legitimate Apple security software to steal sensitive information. It utilizes AppleScript and trusted macOS processes to evade detection by traditional malware scanners. This advanced version of the SHub Stealer family targets passwords, cryptocurrency wallets, and other confidential files while appearing to be a routine system process.
- SHub Reaper disguises itself as Apple security software to steal passwords and cryptocurrency wallets.
- The malware uses AppleScript and legitimate macOS processes to hide its activities from traditional scanning tools.
- It targets various password managers and cryptocurrency wallet extensions, expanding its capabilities beyond credential theft.
Opening excerpt (first ~120 words)
Andrew Orr · Mon May 18 2026, 09:01 AM EDT · 3 minute read
Image: HTML source code showing the construction of the malicious AppleScript. Image credit: SentinelOne
Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files. The malware abuses AppleScript and legitimate macOS system processes to hide its activity and avoid some traditional malware scanning tools. SentinelOne said Reaper is a more advanced version of the SHub Stealer malware family that has circulated through macOS-focused criminal campaigns for the last two years.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at AppleInsider.