Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
"Researchers at SentinelOne are warning of a new SHub infostealer malware variant, dubbed Reaper. The malware targets macOS users and disguises itself as trusted platforms like WeChat and Miro, while spoofing interactions that mimic those from Microsoft, Apple, and Google to lure them into lowering their guard. The variant relies on trust and familiarity rather than exploiting any technical vulnerability, turning recognizable platforms into social-engineering bait."
"Unlike many malware campaigns that exploit a vulnerability on the user's device, Reaper's initial access and execution are driven by social engineering. According to the researchers, the variant has been observed tricking users attempting to download popular tools such as Miro and WeChat, prompting them to download what appears to be legitimate installers or helper files that will enable them to download the apps."
"The report notes that a typo-squatted URL from Microsoft infrastructure is used to make download sources appear legitimate, reducing suspicion where it matters most. Upon malware delivery, Apple-branded system prompts are reportedly used to persuade users to approve permissions. The user-granted permissions allow the malware to circumvent Apple's se"
"Beyond the disguise, the malware is designed to steal passwords, browser data, cryptocurrency-related data, and business files from infected systems. The researchers also warn that its behavior includes stealth persistence, meaning it retains access after the initial compromise."
SHub Reaper targets macOS users by disguising itself as familiar platforms and mimicking interactions associated with major technology brands. The malware does not rely on breaking security protections or exploiting technical vulnerabilities. Instead, it uses social engineering to lower users' guard, luring them into downloading installers or helper files that appear legitimate. It adds platform-impersonation layers, including typo-squatted URLs hosted on Microsoft infrastructure, so that download sources look trustworthy. After delivery, Apple-branded system prompts persuade users to approve permissions, and those user-granted permissions give the malware the access it needs to steal passwords, browser data, cryptocurrency-related data, and business files. The malware also uses stealth persistence to retain access after the initial compromise.
Read at TechRepublic