MacOS
| 22.11.2023 | Atomic Stealer | Atomic Stealer distributed to Mac users via fake browser updates | MALWARE | Mac |
| 25.12.2025 | MacSync | From ClickFix to code signed: the quiet shift of MacSync Stealer malware | MALWARE | Mac OS |
| 3.4.23 | MacStealer | Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs. | MALWARE | MacOS |
| 03.04.2026 | Infiniti Stealer | Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka | MALWARE | MACOS |
| 26.09.2025 | XCSSET | XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory | MALWARE | MacOS |
| 10.09.2025 | ChillyHell | ChillyHell: A Deep Dive into a Modular macOS Backdoor | MALWARE | MacOS |
| 10.07.2025 | macOS.ZuRu | macOS.ZuRu Resurfaces \| Modified Khepri C2 Hides Inside Doctored Termius App | MALWARE | MacOS |
| 03.07.2025 | NimDoor | macOS NimDoor \| DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware | MALWARE | macOS |
| 18.02.2025 | FrigidStealer | An Update on Fake Updates: Two New Actors, and New Mac Malware | MALWARE | MacOS |
| 18.02.2025 | XCSSET | Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects, in the wild. | MALWARE | MacOS |
| 05.02.2025 | FERRET | macOS FlexibleFerret \| Further Variants of DPRK Malware Family Unearthed | MALWARE | macOS |
| 10.01.2025 | Banshee Stealer | Cracking the Code: How Banshee Stealer Targets macOS Users | MALWARE | MacOS |
| 12.11.2024 | Flutter | APT Actors Embed Malware within macOS Flutter Applications | MALWARE | MacOS |
| 28.08.2024 | HZ Rat | HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat | MALWARE | MacOS |
| 23.08.2024 | Cthulhu | From the Depths: Analyzing the Cthulhu Stealer Malware for macOS | MALWARE | MacOS |
| 21.08.2024 | TodoSwift | TodoSwift Disguises Malware Download Behind Bitcoin PDF | MALWARE | MacOS |
| 16.08.2024 | Cuckoo | Update: Cuckoo Malware Evolves | MALWARE | MacOS |
| 16.08.2024 | BANSHEE | Beyond the wail: deconstructing the BANSHEE infostealer | MALWARE | MacOS |
| 24.07.2024 | macOS.Macma | Infect If Needed \| A Deeper Dive Into Targeted Backdoor macOS.Macma | MALWARE | macOS |
| 31.03.2024 | Atomic Stealer | Infostealers continue to pose threat to macOS users | MALWARE | MacOS |
| 17.02.2024 | RustDoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | MALWARE | macOS |
| 06.01.2024 | SpectralBlur | Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family. | MALWARE | macOS |
| 21.12.2023 | JaskaGO | Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows | MALWARE | macOS |
| 09.11.2023 | ObjCShellz | Jamf Threat Labs discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign. Read this blog to learn more about this malware and view the indicators of compromise. | MALWARE | MacOS |
| 01.11.2023 | KANDYKORN | Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware. | MALWARE | macOS |
| 13.09.2023 | MetaStealer | On March 7, 2022, KELA observed a threat actor named _META_ announcing the launch of META – a new information-stealing malware, available for sale for USD125 per month or USD1000 for unlimited use. | MALWARE | MacOS |
| 09.09.2023 | NetSupport RAT | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. | MALWARE | MacOS |
| 09.09.2023 | Atomic Stealer | Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram | MALWARE | MacOS |
| 02.09.2023 | JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware | MALWARE | MacOS |
| 22.08.2023 | Xloader | Xloader is a rebranding of Formbook malware (mainly a stealer), available for macOS as well. | MALWARE | MacOS |
| 21.08.2023 | AdLoad | AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. | MALWARE | MacOS |
| 26.07.2023 | Realst | In the case of macOS, the infostealer turned out to be a new malware written in Rust, dubbed “realst”. | MALWARE | MacOS |
| 07.07.2023 | GorjolEcho | TA453 continues to adapt its malware arsenal, deploying novel file types and targeting new operating systems, specifically sending Mac malware. | MALWARE | MacOS |
| 26.06.2023 | JOKERSPY | An overview of JOKERSPY, discovered in June 2023, which deployed custom and open source macOS tools to exploit a cryptocurrency exchange located in Japan. | MALWARE | MacOS |
| 07.06.2023 | MacStealer | Being yet another infostealing malware surfacing in the cybercriminal arena within the latest month, MacStealer gains popularity on the underground forums due to its relatively low price and broad malicious capabilities. To tune up security protections against novel malware strains, security practitioners need a reliable source of detection content to spot possible attacks at the earliest stages of development. | MALWARE | MacOS |
| 16.05.2023 | TrafficStealer | The TrafficStealer malware employs open container APIs to redirect web traffic to specific sites and manipulate user interaction with ads. | MALWARE | MacOS |
| 12.04.2023 | KingsPawn | Contains a monitor agent and the primary malware agent, both of which are Mach-O files written in Objective-C and Go, respectively. | MALWARE | MacOS |
| 09.01.2023 | Dridex | Originally, this post claimed that Dridex had returned. However, further research and analysis has led us to believe that the initial conclusion was incorrect. | MALWARE | MacOS malware |
| 09.07.2023 | Noknok | Noknok is a remote administration tool (RAT). RATs vary in severity and have a variety of functions to meet the needs of the attacker. | MALWARE | MacOS RAT |