A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor.

Hackers are using fake Apple, Google and Microsoft updates to trick Mac users into installing dangerous password-stealing malware.

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor.

While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack

SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.