Find notable cyber news and cases, enriched with sources, timelines, and signals.

SHub Reaper macOS infostealer variant

Malware Activity
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

The SHub Reaper macOS infostealer now uses AppleScript and a fake Apple security update lure to infect Macs, raising the risk of credential theft and remote access. It steals browser data, crypto wallet information, and sensitive files from compromised systems while hiding its payload behind a malicious installer flow. The malware also installs LaunchAgent persistence, which can keep attacker access alive after execution.

Related Happenings

QuimaRAT cross-platform Java MaaS remote access trojan

Malware Activity
H score29 First: 06.07.2026 11:13 Last: 06.07.2026 11:13 Sources 1

About this happening: A new **QuimaRAT** **MaaS** offering expands cross-platform malware risk by packaging a modular **Java-based RAT** for **Windows, Linux, and macOS**. The activity matters because...

Trojanized Pyrogram forks with hidden Telegram backdoor

Malware Activity
H score14 First: 01.07.2026 00:02 Last: 01.07.2026 00:02 Sources 1

About this happening: Trojanized **Pyrogram** forks on **PyPI** now ship a hidden backdoor that gives attackers remote command execution and file access on compromised **Telegram bot servers**. The mal...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

TonRAT Node.js implant with TON blockchain C2

Malware Activity
H score24 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: **TonRAT** is using a **Node.js implant** to hide command-and-control lookups behind the **TON blockchain API**, increasing the chance that blocking and detection will fail. The a...

MacOS.Gaslight AI-analysis evasion malware

Malware Activity
H score22 First: 25.06.2026 19:23 Last: 25.06.2026 19:23 Sources 1

About this happening: The **macOS.Gaslight** malware family now embeds **prompt injection strings** and fake system-failure messages to confuse **AI-assisted malware analysis** tools, risking aborted o...

Timeline

  1. 19.05.2026 00:42 2 articles · 1mo ago

    SentinelOne identifies SHub Reaper macOS infostealer

    Initial Disclosure

    SentinelOne identified Reaper, a new SHub macOS infostealer variant that uses an applescript:// URL scheme to open Script Editor with malicious AppleScript, shows a fake Apple security update referencing XProtectRemediator, steals browser data and crypto wallets, targets iCloud, Telegram, and developer files, grabs sensitive files from Desktop and Documents, installs LaunchAgent persistence, and can extend access with remote payload execution; the lure uses fake WeChat and Miro installers and the malware exits on systems with Russian keyboard/input.

    Show sources