#MacMalware

🚨 Microsoft flags new XCSSET #macOS malware variant targeting developers.

⚠️ Steals Firefox data & credentials
⚠️ Hijacks clipboard to redirect crypto
⚠️ Malicious repos on GitHub already removed

Stay on guard, devs. 🛡️

#CyberSecurity #MacMalware #MicrosoftThreatIntel #XCSSET #InfoSec

New Cross-Platform Malware ‘ModStealer’ Targets macOS, Windows, and Linux Users

After cautioning 9to5Mac last month about undetectable Mac malware hidden in a fake PDF converter site, Mosyle—an Apple device management and security firm—has revealed another dangerous threat. The newly discovered malware, named ModStealer, has gone unnoticed by major antivirus tools since it first surfaced on VirusTotal nearly a month ago.

In an exclusive briefing with 9to5Mac, Mosyle explained that ModStealer is not limited to macOS. Instead, it is a cross-platform infostealer designed with a single purpose: stealing sensitive data. According to Mosyle’s research, attackers are distributing ModStealer through malicious job recruiter ads aimed at developers. The malware leverages a heavily obfuscated JavaScript file built with NodeJS, making it invisible to signature-based security systems. It threatens not just Mac users but also Windows and Linux environments.

The primary mission of ModStealer is data exfiltration. It specifically targets cryptocurrency wallets, login credentials, system configuration files, and digital certificates. Mosyle uncovered code tailored to 56 different browser wallet extensions—including Safari—designed to harvest private keys and other confidential account information. Beyond data theft, ModStealer can perform clipboard hijacking, screen capturing, and even remote code execution. While the first two are already dangerous, the latter grants attackers nearly full control of compromised systems.

What makes this malware especially concerning is its stealth. Because signature-based tools fail to detect it, ModStealer can silently operate in the background. On macOS, it achieves persistence by exploiting Apple’s launchctl tool, embedding itself as a LaunchAgent to continuously monitor activities and send stolen information to a remote server. Mosyle traced the data server to Finland but found links to infrastructure in Germany, suggesting an attempt to disguise the attackers’ true location.

Mosyle also believes ModStealer may be offered as part of the growing Malware-as-a-Service (MaaS) industry, where cybercriminals develop malicious tools and sell them to affiliates with little technical expertise. These affiliates can then deploy the malware for their own objectives. This approach has become increasingly popular, especially for infostealers. Jamf previously reported a 28% rise in infostealer malware earlier this year, calling it the most common Mac malware family in 2025.

“For security professionals, developers, and end users alike, this serves as a stark reminder that signature-based protections alone are not enough. Continuous monitoring, behavior-based defenses, and awareness of emerging threats are essential to stay ahead of adversaries,” Mosyle warns.

New Cross-Platform Malware ‘ModStealer’ Targets macOS, Windows, and Linux Users #Appledevicesecurity #crossplatforminfostealer #MacMalware

Jamf Threat Labs Uncovers New Activity of Mac Malware ‘ChillyHell’

Jamf Threat Labs has published a new report highlighting the resurgence of Mac malware known as ChillyHell. Initially detected in 2021 and later privately disclosed by cybersecurity company Mandiant in 2023, the malware resurfaced this past May when Jamf identified a fresh sample on VirusTotal—a platform used for analyzing suspicious files and URLs.

Once a Mac is compromised, ChillyHell can steal sensitive data such as usernames and passwords. What sets this malware apart is its ability to use timestomping—altering file timestamps—and its capability to switch C2 protocols to bypass detection. According to Jamf, “the developer certificates associated with ChillyHell have been revoked.” While this action restricts its ongoing development, it doesn’t mean the malware has completely disappeared from circulation.

How Mac Users Can Stay Protected from Malware

To minimize the risk of infection, avoid downloading applications from unverified sources such as GitHub or third-party websites. The Mac App Store remains the safest place to install apps, as Apple rigorously vets software before publishing. Alternatively, purchase apps directly from trusted developers via their official websites. Using cracked or pirated software dramatically increases the risk of malware exposure.

Users should also avoid clicking links in unsolicited emails or messages. If a message appears legitimate, verify the sender’s email and check the link carefully. On a Mac, you can Control-click a link, choose Copy Link Address, and paste it into a text editor to preview the real URL before visiting.

For additional security, Macworld offers resources such as a guide on whether antivirus software is necessary, a detailed list of Mac viruses and trojans, and a comparison of the best Mac security software available. Apple also provides built-in protections in macOS and releases regular security updates. Installing these updates promptly is essential, as Apple reissues corrected patches if any flaws are found.

Jamf Threat Labs Uncovers New Activity of Mac Malware ‘ChillyHell’ #ChillyHellmalware #JamfThreatLabsreport #MacMalware

North Korean hackers deepfake execs in Zoom call to spread Mac malware
pretending to be outside experts who wanted

North Korean hackers deepfake execs in Zoom call to spread Mac malware reconbee.com/north-korean...

#northkoreanhackers #deepfake #zoomcall #Macmalware #malwareattack

2,800+ Websites Hijacked To Spread AMOS Malware To Mac Users
AMOS malware spreads through over 2,800 hijacked websites using fake reCAPTCHA screens to trick Mac users into installing the data-stealing threat.

Over 2,800 Websites Hijacked to Spread AMOS Malware to Mac Users #MacMalware #CyberSecurity #DataPrivacy #Spyware
www.squaredtech.co/2800-website...

An Update on Fake Updates: Two New Actors, and New Mac Malware | Proofpoint US
Key findings: Proofpoint identified and named two new cybercriminal threat actors operating components of web inject campaigns, TA2726 and TA2727. Proofpoint identified a new

macOS users, beware! Fake updates are back with a vengeance—two new threat actors and sneaky Mac malware are on the loose. Stay sharp and keep your systems secure. 🖥️🔗 www.proofpoint.com/us/blog/thre... #Cybersecurity #MacMalware #ThreatIntel

New threat for macOS: AmosStealer wants your crypto wallets
Dangerous malware AmosStealer attacks Mac users: protect passwords and crypto wallets from theft now! The article "New threat for macOS: AmosStealer wants your crypto wallets" (https://tarnkappe.info/artikel/it-sicherheit/neue-bedrohung-fuer-macos-amosstealer-will-eure-krypto-wallets-308494.html) first appeared on TARNKAPPE.INFO (https://tarnkappe.info).

📬 New threat for macOS: AmosStealer wants your crypto wallets

#ITSicherheit #Malware #Cyberkriminalität #Datensicherheit #KryptoWallets #MacMalware #macOSSicherheit #PhishingAngriff


🚨 New #MacOS malware, “Banshee”, evades detection using Apple's own encryption methods. Detected after more than 2 months, it steals iCloud passwords and cryptocurrency. Be careful what you download! 🛡️ #SeguridadApple #MacMalware
