SHub Reaper impersonates Apple, Google, and Microsoft in one macOS attack chain

Summary

A new macOS infostealer campaign, dubbed "Reaper" and part of the SHub malware family, has been identified. This variant impersonates Apple, Google, and Microsoft to trick users into executing malicious scripts via Apple's Script Editor, sidestepping defenses that were built around earlier Terminal-based lures.

IFF Assessment

FOE

This is bad news for defenders: it describes a new, more sophisticated macOS infostealer that is harder to detect than its predecessors.

Defender Context

Defenders should be aware of this evolving macOS threat that uses social engineering to leverage native applications like Script Editor for credential theft. It highlights the need for user education on recognizing fake security alerts and the importance of keeping operating systems and security software updated to counter new attack vectors.
