MacOS 

22.11.2023 Atomic Stealer Atomic Stealer distributed to Mac users via fake browser updates MALWARE Mac
25.12.2025 MacSync From ClickFix to code signed: the quiet shift of MacSync Stealer malware MALWARE Mac OS
3.4.23  MacStealer Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs.  MALWARE MacOS
03.04.2026 Infiniti Stealer Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka MALWARE MACOS
26.09.2025 XCSSET XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory MALWARE MacOS
10.09.2025 ChillyHell ChillyHell: A Deep Dive into a Modular macOS Backdoor MALWARE MacOS
10.07.2025 macOS.ZuRu macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App MALWARE MacOS
03.07.2025 NimDoor  macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware MALWARE macOS
18.02.2025 FrigidStealer An Update on Fake Updates: Two New Actors, and New Mac Malware MALWARE MacOS
18.02.2025 XCSSET Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects, in the wild. MALWARE MacOS
05.02.2025 FERRET macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed MALWARE macOS
10.01.2025 Banshee Stealer Cracking the Code: How Banshee Stealer Targets macOS Users MALWARE MacOS
12.11.2024 Flutter APT Actors Embed Malware within macOS Flutter Applications MALWARE MacOS
28.08.2024 HZ Rat HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat MALWARE MacOS
23.08.2024 Cthulhu  From the Depths: Analyzing the Cthulhu Stealer Malware for macOS MALWARE MacOS
21.08.2024 TodoSwift TodoSwift Disguises Malware Download Behind Bitcoin PDF MALWARE MacOS
16.08.2024 Cuckoo  Update: Cuckoo Malware Evolves MALWARE MacOS
16.08.2024 BANSHEE Beyond the wail: deconstructing the BANSHEE infostealer MALWARE MacOS
24.07.2024 macOS.Macma Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma MALWARE macOS
31.03.2024 Atomic Stealer Infostealers continue to pose threat to macOS users MALWARE MacOS
17.02.2024 RustDoor New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group MALWARE macOS
06.01.2024 SpectralBlur Today will be a quick post on a TA444 (aka Sapphire Sleet, BLUENOROFF, STARDUST CHOLLIMA) Macho family tracked as SpectralBlur we found in August, and how finding it led us to stumble upon an early iteration of KANDYKORN (aka SockRacket). Please read Elastic’s EXCELLENT piece on that family.  MALWARE macOS
21.12.2023 JaskaGO Behind the scenes: JaskaGO’s coordinated strike on macOS and Windows MALWARE macOS
09.11.2023 ObjCShellz Jamf Threat Labs discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign. Read this blog to learn more about this malware and view the indicators of compromise.  MALWARE MacOS
01.11.2023 KANDYKORN Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware.  MALWARE macOS
13.09.2023 MetaStealer  On March 7, 2022, KELA observed a threat actor named _META_ announcing the launch of META – a new information-stealing malware, available for sale for USD125 per month or USD1000 for unlimited use. MALWARE MacOS
09.09.2023 NetSupport RAT Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago.  MALWARE MacOS
09.09.2023 Atomic Stealer Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram MALWARE MacOS
02.09.2023 JokerSpy Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware MALWARE MacOS
22.08.2023 Xloader Xloader is a Rebranding of Formbook malware (mainly a stealer), available for macOS as well.  MALWARE MacOS
21.08.2023 AdLoad AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. MALWARE MacOS
26.07.2023 Realst  In the case of macOS, the infostealer turned out to be a new malware written in Rust, dubbed “realst”.  MALWARE MacOS
07.07.2023 GorjolEcho TA453 continues to adapt its malware arsenal, deploying novel file types and targeting new operating systems, specifically sending Mac malware. MALWARE MacOS
26.06.2023 JOKERSPY An overview of JOKERSPY, discovered in June 2023, which deployed custom and open source macOS tools to exploit a cryptocurrency exchange located in Japan.  MALWARE MacOS
07.06.2023 MacStealer Being yet another infostealing malware surfacing in the cybercriminal arena within the latest month, MacStealer gains popularity on the underground forums due to its relatively low price and broad malicious capabilities. To tune up security protections against novel malware strains, security practitioners need a reliable source of detection content to spot possible attacks at the earliest stages of development.  MALWARE MacOS
16.05.2023 TrafficStealer The TrafficStealer malware employs open container APIs to redirect web traffic to specific sites and manipulate user interaction with ads. MALWARE MacOS
12.04.2023 KingsPawn Contains a monitor agent and the primary malware agent, both of which are Mach-O files written in Objective-C and Go, respectively. MALWARE MacOS
09.01.2023 Dridex  Originally, this post claimed that Dridex had returned. However, further research and analysis has led us to believe that the initial conclusion was incorrect. MALWARE MacOS malware
09.07.2023 Noknok Noknok is a remote administration tool (RAT). RATs vary in severity and have a variety of functions to meet the needs of the attacker. MALWARE MacOS RAT