#cryptocurrency — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cryptocurrency, aggregated by home.social.
-
https://www.europesays.com/news/28719/ Crypto industry scores win as Clarity Act bill clears Senate hurdle #BankingAndCreditRegulation #Banks #BreakingNews:Politics #BusinessNews #CoinbaseGlobal #corruption #Cryptocurrency #CryptocurrencyExchanges #DonaldJTrump #DonaldTrump #Headlines #News #Politics #TimScott #TopStories #USSenate
-
Senate Banking Committee advances the Digital Asset Market Clarity Act in a 15-9 vote, moving the crypto regulatory bill toward a full Senate vote
The Senate Banking Committee voted 15-9 to advance the Digital Asset Market Clarity Act, moving the comprehensive crypto regulatory bill toward a full Senate vote.
https://newsnews.ai/article/senate-banking-committee-advances-crypto-clarity-act
-
Crypto industry scores win as Clarity Act bill clears Senate hurdle https://www.byteseu.com/2019736/ #Banks #BreakingNews:Politics #BusinessNews #CoinbaseGlobal #Corruption #Crypto #CryptoCurrency #DonaldTrump #DonaldJTrump #Politics #TimScott
-
Claude AI recovers an 11 yrs old BTC wallet holding 400k USD
#HackerNews #ClaudeAI #BitcoinWallet #CryptoRecovery #BlockchainTech #Cryptocurrency
-
Claude AI recovers an 11 yrs old BTC wallet holding 400k USD
#HackerNews #ClaudeAI #BitcoinWallet #CryptoRecovery #BlockchainTech #Cryptocurrency
-
Claude AI recovers an 11 yrs old BTC wallet holding 400k USD
#HackerNews #ClaudeAI #BitcoinWallet #CryptoRecovery #BlockchainTech #Cryptocurrency
-
Claude AI recovers an 11 yrs old BTC wallet holding 400k USD
#HackerNews #ClaudeAI #BitcoinWallet #CryptoRecovery #BlockchainTech #Cryptocurrency
-
Claude AI recovers an 11 yrs old BTC wallet holding 400k USD
#HackerNews #ClaudeAI #BitcoinWallet #CryptoRecovery #BlockchainTech #Cryptocurrency
-
Price = 401.45$
Low Price = 389.03 $
High Price = 407.55 $
Height = 3673913
Hashrate = 5.98 Gh/s
Difficulty = 717.47 G -
Price = 398.91$
Low Price = 389.03 $
High Price = 407.94 $
Height = 3673894
Hashrate = 5.93 Gh/s
Difficulty = 711.3 G -
Crypto Weekly Farage’s donation investigated, stablecoin disagreements
From Nigel Farage's controversial donation to a stablecoin disagreement, we round up the crypto news of the week. #News #Reuters #Newsfeed #crytpo #cryptocurrency #nigelfarage #farage #stablecoin 👉 Subscribe: Keep up with the latest news from around the world: Follow Reuters on Facebook: Follow Reuters on X: Follow Reuters on Instagram:
https://fllics.com/en/video/crypto-weekly-farages-donation-investigated-stablecoin-disagreements/
-
CLARITY Act Returns to Senate as Crypto Bill Faces Banks, Democrats and A Tight Deadline https://www.byteseu.com/2019069/ #CLARITYAct #Crypto #CryptoBill #CryptoCurrency #DigitalAssets #SECRules #SenateVote #stablecoins
-
Bitcoin trader recovers $400,000 using Claude AI after losing wallet password 11 years ago — bot tried 3.5 trillion passwords before decrypting an old wallet backup
-
Artificial Intelligence Threat To Crypto Underestimated, Says This Influential Analyst: Security Becoming https://www.byteseu.com/2018767/ #Category:Cryptocurrency #Category:News #CMS:WordPress #Crypto #CryptoCurrency #PageIsBzPro:BZ #Symbol:$BNB #Symbol:$BTC #Symbol:$DOGE #Symbol:$ZEC #Tag:ArtificialIntelligence #Tag:Binance #Tag:CryptoScams #Tag:Cryptocurency
-
Bitcoin, Ethereum, XRP Fall, But Dogecoin Gains Ahead Of Crypto Act Markup In Senate: This Analyst Is Bra https://www.byteseu.com/2018142/ #Category:Cryptocurrency #Category:MarketMovingExclusives #Category:News #CMS:WordPress #Crypto #CryptoCurrency #PageIsBzPro:BZ #Symbol:$BTC #Symbol:$DOGE #Symbol:$ETH #Symbol:$SOL #Symbol:$XRP #Symbol:BMNR #Symbol:MSTR #Symbol:NVDA #Tag:Crypto #Tag:CryptoLegislation #Tag:DonaldTrump
-
Live: ASX to open slightly down as markets continue to digest federal budget
By Alison BranleyThe ASX 200 is expected to open slightly down as markets make sense of the federal budget. Follow the day's events and insights from our business reporters on the ABC News live markets blog.
https://www.abc.net.au/news/2026-05-14/asx-markets-business-live-news/106677074
#StockMarket #FinancialMarkets #Currency #Cryptocurrency #Economy #CompanyNews #AlisonBranley
-
Monex Articles Shake-up, KDDI Crypto Tie-up Could Be A Game Changer For Monex Group (TSE:8698) https://www.byteseu.com/2017207/ #ArticlesOfIncorporation #AssetManagement #Crypto #CryptoCurrency #KDDI #MonexGroup #OnlineBrokerage #ProfitGrowth #ProfitRecovery
-
https://www.europesays.com/videos/26024/ Nigel Farage investigated over £5 million gift from crypto billionaire #Bitcoin #Channel4 #Channel4News #Channel4 #crypto #cryptocurrency #FarRight #farage #investigation #KeirStarmer #NigelFarage #parliament #politics #reform #ReformParty #ReformUK #UKGovernment #UKPolitics
-
Coinbase CEO Says CLARITY Is ‘Closer Than Ever’ — Crypto Investors Are Watching – Coinbase Global (NASDAQ https://www.byteseu.com/2016899/ #Category:Cryptocurrency #Category:LongIdeas #Category:Markets #Category:Regulations #Category:TradingIdeas #CMS:WordPress #Crypto #CryptoCurrency #PageIsBzPro:BZ #Symbol:$BTC #Symbol:COIN #Tag:BrianArmstrong #Tag:Crypto #Tag:CryptoMarket #Tag:ExpertIdeas #Tag:StoriesThatMatter
-
Price = 408.58$
Low Price = 395.38 $
High Price = 415.79 $
Height = 3673083
Hashrate = 5.48 Gh/s
Difficulty = 657.62 G -
Phoenix Group Bets on Lyon to Anchor $8 Billion AI Push as BTC Mining Slump Deepens https://www.byteseu.com/2015279/ #Crypto #CryptoCurrency #Phoenix
-
Coinbase and Morpho Unveil Solana-Backed Loans https://www.byteseu.com/2014667/ #Coinbase #Crypto #CryptoCurrency #DigitalAssets #Morpho #News #PYMNTSNews #solana #What'sHot
-
Trump Media Scales Back Plans for Its Own Prediction Market
-
Trump Media Scales Back Plans for Its Own Prediction Market
-
Trump Media Scales Back Plans for Its Own Prediction Market
-
Trump Media Scales Back Plans for Its Own Prediction Market
-
Price = 404.02$
Low Price = 402.0 $
High Price = 420.8 $
Height = 3672366
Hashrate = 5.94 Gh/s
Difficulty = 713.1 G -
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
A sophisticated multi-stage infection chain was identified through proactive threat hunting, beginning with the execution of MicrosoftToolkit.exe, a commonly abused hack tool. The attack employed file masquerading techniques, renaming a .dot file to .bat format to evade detection. The malware performed process discovery and attempted to terminate security-related processes before extracting payloads using extract32.exe. An AutoIt-compiled executable (Replies.scr) functioned as a loader, processing an external encrypted payload file and establishing command-and-control communication with infrastructure associated with Vidar Stealer. The malware demonstrated advanced anti-analysis capabilities, including debugger detection and instrumentation callback queries. It targeted credentials, browser data, cryptocurrency wallets, and system information. Post-execution cleanup routines deleted artifacts and terminated processes to minimize forensic evidence and evade detection, significantly complicating incident res...
Pulse ID: 6a01c2382e61b490cfa457e4
Pulse Link: https://otx.alienvault.com/pulse/6a01c2382e61b490cfa457e4
Pulse Author: AlienVault
Created: 2026-05-11 11:49:12Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #Browser #CyberSecurity #InfoSec #Malware #Microsoft #Nim #OTX #OpenThreatExchange #RAT #Vidar #bot #cryptocurrency #AlienVault
-
Malicious PyPI Package Embeds Multi-Layer Encrypted Backdoor to Steal Users’ Cryptocurrency Information — HelixGuard
Pulse ID: 6a01c0fff6a09f21f8fe5e4f
Pulse Link: https://otx.alienvault.com/pulse/6a01c0fff6a09f21f8fe5e4f
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:43:59Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #bot #cryptocurrency #CyberHunter_NL
-
Price = 409.61$
Low Price = 401.81 $
High Price = 414.75 $
Height = 3671697
Hashrate = 6.0 Gh/s
Difficulty = 719.49 G -
Needle: Inside a Modular Crypto-Stealing C2 That Left Its Keys in the Malware
A modular Malware-as-a-Service crypto-stealing platform called Needle has been discovered actively targeting cryptocurrency wallets through two main attack vectors: a browser extension spoofer targeting MetaMask, Phantom, and Trust Wallet, and a Rust-based desktop agent impersonating Exodus, Trezor, and Ledger applications. The campaign compromised 1,932 victims, including 111 browser extension users and 1,821 desktop sessions. The Rust agent embedded its C2 API key without protection, enabling complete enumeration of victims and withdrawal configurations across six blockchains. The operator's EVM hot wallet moved approximately $148 in ETH to cold storage. The panel's React SPA performed authentication entirely client-side, and the same credential used by infected machines could potentially redirect future auto-withdrawals. Infrastructure is hosted on ASN 202412, a known bulletproof hosting provider in Amsterdam.
Pulse ID: 6a0198399994be750fe044cd
Pulse Link: https://otx.alienvault.com/pulse/6a0198399994be750fe044cd
Pulse Author: AlienVault
Created: 2026-05-11 08:50:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CyberSecurity #Edge #InfoSec #Mac #Malware #MalwareAsAService #OTX #OpenThreatExchange #RAT #Rust #bot #cryptocurrency #AlienVault
-
Inside a phishing panel
Security researchers gained direct access to Doko's Panel, a real-time phishing platform used in criminal campaigns by ShinyHunters and BlackFile groups. The investigation revealed four distinct infrastructure clusters operating independently customized variants of the tooling. Attacks combine voice phishing with adversary-in-the-middle techniques targeting enterprise identity providers like Okta, Microsoft, and Google, as well as cryptocurrency exchanges. Operators call victims impersonating IT helpdesk staff, directing them to combosquatted domains where credentials and MFA tokens are manually relayed in real-time. Confirmed breaches include SoundCloud (30M records), Match Group (10M records), Betterment (20M records), and Crunchbase. Over 400 domains have been identified linked to these operations. Evidence shows extensive use of AI language models in developing phishing infrastructure, with operators leveraging legitimate services to rapidly deploy and rotate attack infrastructure.
Pulse ID: 6a019872d2134a70b4d8a5bf
Pulse Link: https://otx.alienvault.com/pulse/6a019872d2134a70b4d8a5bf
Pulse Author: AlienVault
Created: 2026-05-11 08:50:58Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AdversaryInTheMiddle #Cloud #CyberSecurity #Google #InfoSec #MFA #MFATokens #Microsoft #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocurrency #AlienVault
-
would you be surprised if i told you that the team of #crypto bros that was behind #Brexit, #NigelFarage, #ReformUK, #FTX, and #EricAdams is also the team behind the new #goldencalf at Mar-A-Lago? because it is. to be specific the calf was brought forth by the #Hasidic Jews that work for #Tether co-founder #BrockPierce.
some day someone will explain why ultra-orthodox jews would want to work for a former child actor who:
a) is not even jewish
b) was involved in hollywood's most infamous gay paedo ring before being arrested in a house in spain with "8,000 fotografias pornografia infantil"
c) was besties with #JeffreyEpstein. they had a whole crypto fund they ran together.their religion and his lifestyle are just like, fundamentally incompatible. it's like finding out Marilyn Manson's whole team is made up of fundamentalist mormons and the Amish.
#israel #netanyahu #BrockPierce #haaretz #palestine #uspol #uspolitics #corruption #crypto #bitcoin #cryptocurrency #stablecoins #USDT #YaakovFlitchkin #jewish #MarALago #EpsteinFiles.
-
would you be surprised if i told you that the team of #crypto bros that was behind #Brexit, #NigelFarage, #ReformUK, #FTX, and #EricAdams is also the team behind the new #goldencalf at Mar-A-Lago? because it is. to be specific the calf was brought forth by the #Hasidic Jews that work for #Tether co-founder #BrockPierce.
some day someone will explain why ultra-orthodox jews would want to work for a former child actor who:
a) is not even jewish
b) was involved in hollywood's most infamous gay paedo ring before being arrested in a house in spain with "8,000 fotografias pornografia infantil"
c) was besties with #JeffreyEpstein. they had a whole crypto fund they ran together.their religion and his lifestyle are just like, fundamentally incompatible. it's like finding out Marilyn Manson's whole team is made up of fundamentalist mormons and the Amish.
#israel #netanyahu #BrockPierce #haaretz #palestine #uspol #uspolitics #corruption #crypto #bitcoin #cryptocurrency #stablecoins #USDT #YaakovFlitchkin #jewish #MarALago #EpsteinFiles.
-
would you be surprised if i told you that the team of #crypto bros that was behind #Brexit, #NigelFarage, #ReformUK, #FTX, and #EricAdams is also the team behind the new #goldencalf at Mar-A-Lago? because it is. to be specific the calf was brought forth by the #Hasidic Jews that work for #Tether co-founder #BrockPierce.
some day someone will explain why ultra-orthodox jews would want to work for a former child actor who:
a) is not even jewish
b) was involved in hollywood's most infamous gay paedo ring before being arrested in a house in spain with "8,000 fotografias pornografia infantil"
c) was besties with #JeffreyEpstein. they had a whole crypto fund they ran together.their religion and his lifestyle are just like, fundamentally incompatible. it's like finding out Marilyn Manson's whole team is made up of fundamentalist mormons and the Amish.
#israel #netanyahu #BrockPierce #haaretz #palestine #uspol #uspolitics #corruption #crypto #bitcoin #cryptocurrency #stablecoins #USDT #YaakovFlitchkin #jewish #MarALago #EpsteinFiles.
-
would you be surprised if i told you that the team of #crypto bros that was behind #Brexit, #NigelFarage, #ReformUK, #FTX, and #EricAdams is also the team behind the new #goldencalf at Mar-A-Lago? because it is. to be specific the calf was brought forth by the #Hasidic Jews that work for #Tether co-founder #BrockPierce.
some day someone will explain why ultra-orthodox jews would want to work for a former child actor who:
a) is not even jewish
b) was involved in hollywood's most infamous gay paedo ring before being arrested in a house in spain with "8,000 fotografias pornografia infantil"
c) was besties with #JeffreyEpstein. they had a whole crypto fund they ran together.their religion and his lifestyle are just like, fundamentally incompatible. it's like finding out Marilyn Manson's whole team is made up of fundamentalist mormons and the Amish.
#israel #netanyahu #BrockPierce #haaretz #palestine #uspol #uspolitics #corruption #crypto #bitcoin #cryptocurrency #stablecoins #USDT #YaakovFlitchkin #jewish #MarALago #EpsteinFiles.
-
would you be surprised if i told you that the team of #crypto bros that was behind #Brexit, #NigelFarage, #ReformUK, #FTX, and #EricAdams is also the team behind the new #goldencalf at Mar-A-Lago? because it is. to be specific the calf was brought forth by the #Hasidic Jews that work for #Tether co-founder #BrockPierce.
some day someone will explain why ultra-orthodox jews would want to work for a former child actor who:
a) is not even jewish
b) was involved in hollywood's most infamous gay paedo ring before being arrested in a house in spain with "8,000 fotografias pornografia infantil"
c) was besties with #JeffreyEpstein. they had a whole crypto fund they ran together.their religion and his lifestyle are just like, fundamentally incompatible. it's like finding out Marilyn Manson's whole team is made up of fundamentalist mormons and the Amish.
#israel #netanyahu #BrockPierce #haaretz #palestine #uspol #uspolitics #corruption #crypto #bitcoin #cryptocurrency #stablecoins #USDT #YaakovFlitchkin #jewish #MarALago #EpsteinFiles.
-
Live: Wall Street hits new highs while ASX set to slip
By Stephen LettsMore strong earnings news, demand for AI stocks and positive jobs data drove Wall Street higher. However, the ASX is set to slip today. Follow the day's events and insights from our business reporters on the ABC News live markets blog.
https://www.abc.net.au/news/2026-05-11/asx-markets-business-news-live-updates/106663582
#StockMarket #FinancialMarkets #Currency #CompanyNews #BusinessEconomicsandFinance #EconomicTrendsandIndicators #Cryptocurrency #StephenLetts
-
Price = 408.29$
Low Price = 400.59 $
High Price = 414.92 $
Height = 3670920
Hashrate = 5.62 Gh/s
Difficulty = 674.4 G -
Ja, Kryptowährungen sind volatil und hängen von technischer Infrastruktur ab. Cashless Payment auch. Die Bankautomaten ebenso.
— Wir sind verloren 🤪#AWS-Ausfall in den USA legt #Coinbase lahm | heise online https://www.heise.de/news/AWS-Ausfall-in-den-USA-legt-Coinbase-lahm-11287767.html #cryptocurrency #cryptocurrencies
-
america's most "respectable" #crypto journalists thowing their flagship annual industry party in a strip club is almost too on brand
#crypto #uspol #corruption #cryptocurrency #GeniusAct #bitcoin #journalism #journalists #stripclub #strippers #coindesk
-
"Did you see that story about the crypto tycoon and Farage? It bears repeating."
#UK #UnitedKingdom #UKpol #Politics #UKpolitics #NigelFarage #Farage #Cryptocurrency #TheNerve #StewartLee
-
Price = 409.79$
Low Price = 394.93 $
High Price = 417.94 $
Height = 3670207
Hashrate = 5.51 Gh/s
Difficulty = 661.54 G -
RAPPLER | Philippine & World News | Investigative Journalism | Data | Civic Engagement | Public Interest [Unofficial] @[email protected] ·Amazon reports cloud outage at North Virginia data center; CME, Coinbase face trading issues
-
Price = 402.83$
Low Price = 387.45 $
High Price = 418.36 $
Height = 3669484
Hashrate = 5.67 Gh/s
Difficulty = 679.88 G -
5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer
Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.
Pulse ID: 69fcc64069bf35be793669dd
Pulse Link: https://otx.alienvault.com/pulse/69fcc64069bf35be793669dd
Pulse Author: AlienVault
Created: 2026-05-07 17:05:04Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault
-
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Threat actors are leveraging ClickFix-style social engineering tactics to distribute infostealers targeting macOS users through fake system utility lures. Attackers host malicious Terminal commands on blog sites and content platforms, disguised as troubleshooting advice for macOS issues. When executed, these commands download infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. The campaign has evolved to use Terminal-based script execution that bypasses Gatekeeper verification. Three distinct campaigns employ different tradecraft, with some replacing legitimate cryptocurrency wallet applications with trojanized versions and establishing persistence through LaunchAgents and LaunchDaemons that masquerade as legitimate services.
Pulse ID: 69fb97e43f09a3b9ae3a39b9
Pulse Link: https://otx.alienvault.com/pulse/69fb97e43f09a3b9ae3a39b9
Pulse Author: AlienVault
Created: 2026-05-06 19:35:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #Browser #Cloud #CyberSecurity #ICS #InfoSec #InfoStealer #Mac #MacOS #OTX #OpenThreatExchange #RAT #ScriptExecution #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Threat actors are leveraging ClickFix-style social engineering tactics to distribute infostealers targeting macOS users through fake system utility lures. Attackers host malicious Terminal commands on blog sites and content platforms, disguised as troubleshooting advice for macOS issues. When executed, these commands download infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. The campaign has evolved to use Terminal-based script execution that bypasses Gatekeeper verification. Three distinct campaigns employ different tradecraft, with some replacing legitimate cryptocurrency wallet applications with trojanized versions and establishing persistence through LaunchAgents and LaunchDaemons that masquerade as legitimate services.
Pulse ID: 69fb97e43f09a3b9ae3a39b9
Pulse Link: https://otx.alienvault.com/pulse/69fb97e43f09a3b9ae3a39b9
Pulse Author: AlienVault
Created: 2026-05-06 19:35:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #Browser #Cloud #CyberSecurity #ICS #InfoSec #InfoStealer #Mac #MacOS #OTX #OpenThreatExchange #RAT #ScriptExecution #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Threat actors are leveraging ClickFix-style social engineering tactics to distribute infostealers targeting macOS users through fake system utility lures. Attackers host malicious Terminal commands on blog sites and content platforms, disguised as troubleshooting advice for macOS issues. When executed, these commands download infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. The campaign has evolved to use Terminal-based script execution that bypasses Gatekeeper verification. Three distinct campaigns employ different tradecraft, with some replacing legitimate cryptocurrency wallet applications with trojanized versions and establishing persistence through LaunchAgents and LaunchDaemons that masquerade as legitimate services.
Pulse ID: 69fb97e43f09a3b9ae3a39b9
Pulse Link: https://otx.alienvault.com/pulse/69fb97e43f09a3b9ae3a39b9
Pulse Author: AlienVault
Created: 2026-05-06 19:35:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #Browser #Cloud #CyberSecurity #ICS #InfoSec #InfoStealer #Mac #MacOS #OTX #OpenThreatExchange #RAT #ScriptExecution #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Threat actors are leveraging ClickFix-style social engineering tactics to distribute infostealers targeting macOS users through fake system utility lures. Attackers host malicious Terminal commands on blog sites and content platforms, disguised as troubleshooting advice for macOS issues. When executed, these commands download infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. The campaign has evolved to use Terminal-based script execution that bypasses Gatekeeper verification. Three distinct campaigns employ different tradecraft, with some replacing legitimate cryptocurrency wallet applications with trojanized versions and establishing persistence through LaunchAgents and LaunchDaemons that masquerade as legitimate services.
Pulse ID: 69fb97e43f09a3b9ae3a39b9
Pulse Link: https://otx.alienvault.com/pulse/69fb97e43f09a3b9ae3a39b9
Pulse Author: AlienVault
Created: 2026-05-06 19:35:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #Browser #Cloud #CyberSecurity #ICS #InfoSec #InfoStealer #Mac #MacOS #OTX #OpenThreatExchange #RAT #ScriptExecution #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault