SHub macOS infostealer variant spoofs Apple security updates
Summary
A new variant of the SHub macOS infostealer has been identified. It uses AppleScript to present a prompt that leads users to believe they are installing a legitimate Apple security update. Instead of an update, the malicious package installs a backdoor on the compromised macOS system, enabling further compromise.
IFF Assessment
This describes a new malware variant designed to deceive users and compromise their systems, and it is therefore a direct threat that defenders need to account for.
Defender Context
Defenders should be aware that this SHub variant relies on social engineering, mimicking an Apple security update prompt rather than exploiting a software flaw. This highlights the ongoing need for user education on recognising phishing-style prompts, for vigilant patch management so that users receive genuine updates only through Apple's own mechanisms, and for endpoint detection and response (EDR) coverage capable of detecting and mitigating such threats.
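The advisory above gives no script contents or indicators, so the following is an added example and not code from the advisory or from any SHub sample. It sketches the kind of EDR-style heuristic a defender could run over process-execution telemetry: flag osascript invocations whose command line shows a dialog that either asks for a hidden (password-style) answer or impersonates Apple or a system update. The event format, the sample events, the regexes and the parent-process allowlist are all constructed assumptions for this example and would need tuning to a real environment.

```python
"""
Heuristic detection for AppleScript dialogs posing as Apple security updates.

Added example (not from the advisory): scans constructed process-execution
events for osascript "display dialog" prompts that collect a secret or
impersonate Apple / a macOS update. Nothing here is derived from a SHub sample.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed events in "pid|parent_process|process|cmdline" form (assumed format).
SAMPLE_EVENTS = [
    "101|launchd|Finder|/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder",
    "102|bash|osascript|osascript -e 'display dialog \"macOS needs to install a security update. "
    "Enter your password to continue.\" with title \"Apple Security Update\" "
    "default answer \"\" with hidden answer'",
    "103|Terminal|osascript|osascript -e 'tell application \"Finder\" to get name of startup disk'",
    "104|Mail|osascript|osascript -e 'display dialog \"Apple ID verification required\" "
    "with icon caution default answer \"\" with hidden answer'",
    "105|Safari|curl|curl -s https://example.invalid/update.sh",
    "106|Script Editor|osascript|osascript -e 'display dialog \"Backup completed\" buttons {\"OK\"}'",
]

# Heuristic patterns (assumptions, not SHub indicators).
DIALOG_RE = re.compile(r"display\s+dialog", re.I)
HIDDEN_RE = re.compile(r"with\s+hidden\s+answer", re.I)
APPLE_RE = re.compile(r"\b(apple|macos|security\s+update|system\s+update)\b", re.I)

# Parents from which interactive osascript dialogs are expected in this
# constructed environment; anything else is noted as an extra reason.
EXPECTED_PARENTS = {"Terminal", "Script Editor"}


@dataclass
class Finding:
    pid: int
    parent: str
    reasons: List[str]


def parse_event(line: str):
    """Split a constructed event line into (pid, parent, process, cmdline)."""
    pid, parent, proc, cmd = line.split("|", 3)
    return int(pid), parent, proc, cmd


def assess_event(line: str) -> Optional[Finding]:
    """Return a Finding if the event is an osascript dialog worth alerting on."""
    pid, parent, proc, cmd = parse_event(line)
    if proc != "osascript" or not DIALOG_RE.search(cmd):
        return None

    hidden = bool(HIDDEN_RE.search(cmd))
    impersonates = bool(APPLE_RE.search(cmd))
    # A plain informational dialog is not worth an alert on its own.
    if not (hidden or impersonates):
        return None

    reasons = []
    if hidden:
        reasons.append("dialog requests a hidden (password-style) answer")
    if impersonates:
        reasons.append("dialog text impersonates Apple or a system update")
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"osascript spawned by unexpected parent {parent!r}")
    return Finding(pid, parent, reasons)


def scan(lines: List[str]) -> List[Finding]:
    """Run the heuristic over a batch of event lines and return all findings."""
    return [f for f in map(assess_event, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"pid {finding.pid} (parent {finding.parent}):")
        for reason in finding.reasons:
            print(f"  - {reason}")
```

The parent-process check is deliberately only an additional reason, not a trigger: legitimate automation spawns osascript from many parents, so alerting on the parent alone would be noisy, whereas a dialog that both names Apple and asks for a hidden answer is rare in benign use.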