macOS
Atomic macOS infostealer adds backdoor for persistent attacks
Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as ‘AMOS’) that comes with a backdoor, to attackers persistent access to compromised systems. The new component allows executing arbitrary remote commands, it survives reboots, and permits maintaining control over infected hosts indefinitely. MacPaw’s cybersecurity division Moonlock analyzed the backdoor in Atomic malware after a […]
NimDoor crypto-theft macOS malware revives itself when killed
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. Researchers analyzing the payloads discovered that the attacker relied on unusual techniques and a previously unseen signal-based persistence mechanism. The attack chain, which involves contacting victims via Telegram and luring them into running […]
North Korean hackers deepfake execs in Zoom call to spread Mac malware
The North Korean BlueNoroff hacking group is deepfaking company executives during Zoom calls to trick employees into installing custom malware on their macOS devices. BlueNoroff (aka Sapphire Sleet or TA444) is a North Korean advanced persistent threat (APT) group known for conducting cryptocurrency theft attacks using Windows and Mac malware. Huntress researchers uncovered a new BlueNoroff […]
Dark Partners cybercrime gang fuels large-scale crypto heists
A sprawling network of fake AI, VPN, and crypto software download sites is being used by the “Dark Partner” threat actors to conduct a crypto theft attacks worldwide. Masquerading as popular apps, these cloned sites deliver the Poseiden (macOS) and Lumma (Windows) infostealers and malware loaders like Payday. This malware is used to steal cryptocurrency […]
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. Ledger is a popular hardware-based wallet designed to store cryptocurrency offline (cold storage) and in a secure manner. A seed or recovery phrase is a set […]
Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE attacks
A set of security vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. According to cybersecurity company Oligo Security security researchers who discovered and reported the flaws, they can be exploited in zero-click and one-click RCE attacks, man-in-the-middle (MITM) attacks, […]
Apple fixes two zero-days exploited in targeted iPhone attacks
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an “extremely sophisticated attack” against specific targets’ iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. “Apple is aware of a report that this issue may have been exploited in […]
Apple backports zero-day patches to older iPhones and Macs
Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. At the same time, the consumer tech giant released security updates for the latest stable iOS, iPadOS, and macOS, addressing numerous security flaws. Backporting zero-day fixes The first backport concerns CVE-2025-24200, a flaw […]
North Korean hackers adopt ClickFix attacks to target crypto firms
The notorious North Korean Lazarus hacking group has reportedly adopted ‘ClickFix’ tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). This development, reported by Sekoia, is seen as an evolution of the threat actor’s ‘Contagious Interview’ campaign that similarly targets job seekers in the AI and cryptocurrency space. ClickFix […]
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in “extremely sophisticated” attacks. The vulnerability is tracked as CVE-2025-24201 and was found in the WebKit cross-platform web browser engine used by Apple’s Safari web browser and many other apps and web browsers on macOS, iOS, Linux, and Windows. […]