#macossecurity — Public Fediverse posts

Nueva campaña ClickFix "Claude Code on Mac" de malware para macOS usando anuncios de Google y chats compartidos legítimos en Claude

#ciberseguridad #macOSSecurity #IA #ClickFix

https://mecambioamac.com/campana-clickfix-para-macos-usando-google-ads-y-chats-legitimos-de-claude/

Nueva campaña ClickFix "Claude Code on Mac" de malware para macOS usando anuncios de Google y chats compartidos legítimos en Claude

#ciberseguridad #macOSSecurity #IA #ClickFix

https://mecambioamac.com/campana-clickfix-para-macos-usando-google-ads-y-chats-legitimos-de-claude/

OpenAI warns macOS users to update ChatGPT and Codex apps after Axios supply chain scare

https://fed.brid.gy/r/https://nerds.xyz/2026/04/openai-macos-app-update-axios/

OpenAI warns macOS users to update ChatGPT and Codex apps after Axios supply chain scare

https://web.brid.gy/r/https://nerds.xyz/2026/04/openai-macos-app-update-axios/

OpenAI warns macOS users to update ChatGPT and Codex apps after Axios supply chain scare

https://web.brid.gy/r/https://nerds.xyz/2026/04/openai-macos-app-update-axios/

OpenAI warns macOS users to update ChatGPT and Codex apps after Axios supply chain scare

https://fed.brid.gy/r/https://nerds.xyz/2026/04/openai-macos-app-update-axios/

OpenAI warns macOS users to update ChatGPT and Codex apps after Axios supply chain scare

https://web.brid.gy/r/https://nerds.xyz/2026/04/openai-macos-app-update-axios/

ClickFix campaigns are now leveraging LLM-generated public artifacts for malware distribution.

Per Moonlock Lab and AdGuard:
• Abuse of Claude artifact pages
• Google Ads search poisoning
• Obfuscated shell execution (base64 decode → zsh)
• Second-stage loader for MacSync infostealer
• Hardcoded API key + token-protected C2
• AppleScript (osascript) handling data theft
• Archive staging at /tmp/osalogging.zip
• Multi-attempt POST exfiltration

Previous campaigns exploited ChatGPT and Grok sharing features.
LLM trust is now an operational risk vector.
Should EDR flag suspicious AI-guided shell patterns?

Source: https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/

Engage below.
Follow @technadu for deep technical threat analysis.

#ThreatIntel #MacOSSecurity #Infostealer #C2Traffic #ClickFix #LLMSecurity #MalwareAnalysis #AppSec #BlueTeam #EDR #ThreatHunting #CyberThreats #ZeroTrust

ClickFix campaigns are now leveraging LLM-generated public artifacts for malware distribution.

Per Moonlock Lab and AdGuard:
• Abuse of Claude artifact pages
• Google Ads search poisoning
• Obfuscated shell execution (base64 decode → zsh)
• Second-stage loader for MacSync infostealer
• Hardcoded API key + token-protected C2
• AppleScript (osascript) handling data theft
• Archive staging at /tmp/osalogging.zip
• Multi-attempt POST exfiltration

Previous campaigns exploited ChatGPT and Grok sharing features.
LLM trust is now an operational risk vector.
Should EDR flag suspicious AI-guided shell patterns?

Source: https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/

Engage below.
Follow @technadu for deep technical threat analysis.

#ThreatIntel #MacOSSecurity #Infostealer #C2Traffic #ClickFix #LLMSecurity #MalwareAnalysis #AppSec #BlueTeam #EDR #ThreatHunting #CyberThreats #ZeroTrust

ClickFix campaigns are now leveraging LLM-generated public artifacts for malware distribution.

Per Moonlock Lab and AdGuard:
• Abuse of Claude artifact pages
• Google Ads search poisoning
• Obfuscated shell execution (base64 decode → zsh)
• Second-stage loader for MacSync infostealer
• Hardcoded API key + token-protected C2
• AppleScript (osascript) handling data theft
• Archive staging at /tmp/osalogging.zip
• Multi-attempt POST exfiltration

Previous campaigns exploited ChatGPT and Grok sharing features.
LLM trust is now an operational risk vector.
Should EDR flag suspicious AI-guided shell patterns?

Source: https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/

Engage below.
Follow @technadu for deep technical threat analysis.

#ThreatIntel #MacOSSecurity #Infostealer #C2Traffic #ClickFix #LLMSecurity #MalwareAnalysis #AppSec #BlueTeam #EDR #ThreatHunting #CyberThreats #ZeroTrust

ClickFix campaigns are now leveraging LLM-generated public artifacts for malware distribution.

Per Moonlock Lab and AdGuard:
• Abuse of Claude artifact pages
• Google Ads search poisoning
• Obfuscated shell execution (base64 decode → zsh)
• Second-stage loader for MacSync infostealer
• Hardcoded API key + token-protected C2
• AppleScript (osascript) handling data theft
• Archive staging at /tmp/osalogging.zip
• Multi-attempt POST exfiltration

Previous campaigns exploited ChatGPT and Grok sharing features.
LLM trust is now an operational risk vector.
Should EDR flag suspicious AI-guided shell patterns?

Source: https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/

Engage below.
Follow @technadu for deep technical threat analysis.

#ThreatIntel #MacOSSecurity #Infostealer #C2Traffic #ClickFix #LLMSecurity #MalwareAnalysis #AppSec #BlueTeam #EDR #ThreatHunting #CyberThreats #ZeroTrust

Safari 26.3 patches 6 critical vulnerabilities CFNetwork flaw allowed arbitrary file writing. AdwaitX analyzes WebKit security fixes for macOS Sonoma and Sequoia users. Update now to protect browsing data #AdwaitX #Safari #macOSSecurity

https://www.adwaitx.com/safari-26-3-security-update-vulnerabilities-fixed/

A new macOS-focused AMOS infostealer campaign is redirecting users to shared ChatGPT and Grok conversations via malicious Google ads. The chats contain Terminal commands that decode into a script installing AMOS with elevated privileges.

AMOS then targets crypto wallets, browser data, Keychain items, and more - with persistence handled through LaunchDaemons and AppleScripts.

This campaign highlights how AI platforms and search ads can be misused as delivery mechanisms.

What safeguards should exist to prevent similar abuse?

Source:
https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/

Follow TechNadu for more threat-intel updates.

#Infosec #ThreatIntel #macOSSecurity #AMOS #Malware #DigitalSafety #AIChatSecurity #CyberAwareness

A new macOS-focused AMOS infostealer campaign is redirecting users to shared ChatGPT and Grok conversations via malicious Google ads. The chats contain Terminal commands that decode into a script installing AMOS with elevated privileges.

AMOS then targets crypto wallets, browser data, Keychain items, and more - with persistence handled through LaunchDaemons and AppleScripts.

This campaign highlights how AI platforms and search ads can be misused as delivery mechanisms.

What safeguards should exist to prevent similar abuse?

Source:
https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/

Follow TechNadu for more threat-intel updates.

#Infosec #ThreatIntel #macOSSecurity #AMOS #Malware #DigitalSafety #AIChatSecurity #CyberAwareness

A new macOS-focused AMOS infostealer campaign is redirecting users to shared ChatGPT and Grok conversations via malicious Google ads. The chats contain Terminal commands that decode into a script installing AMOS with elevated privileges.

AMOS then targets crypto wallets, browser data, Keychain items, and more - with persistence handled through LaunchDaemons and AppleScripts.

This campaign highlights how AI platforms and search ads can be misused as delivery mechanisms.

What safeguards should exist to prevent similar abuse?

Source:
https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/

Follow TechNadu for more threat-intel updates.

#Infosec #ThreatIntel #macOSSecurity #AMOS #Malware #DigitalSafety #AIChatSecurity #CyberAwareness

El equipo de Jamf Threat Labs nos trae un informe sobre #DigitStealer: un sofisticado programa para robar información de macOS suplantando al software #DynamicLake de Aviorrok

#ciberseguridad #macOSSecurity #macOS

https://mecambioamac.com/digitstealer-un-sofisticado-programa-para-robar-informacion-de-macos/

El equipo de Jamf Threat Labs nos trae un informe sobre #DigitStealer: un sofisticado programa para robar información de macOS suplantando al software #DynamicLake de Aviorrok

#ciberseguridad #macOSSecurity #macOS

https://mecambioamac.com/digitstealer-un-sofisticado-programa-para-robar-informacion-de-macos/

Nuevas mejoras en la seguridad de macOS Tahoe y en iOS que llegan en la versión 26.1: las Mejoras de Seguridad en Segundo Plano

#macOSTahoe #iOS26 #MacOSSecurity #AppleSecurity #CyberSecurity #ciberseguridad

https://mecambioamac.com/macos-tahoe-26-1-activa-las-mejoras-de-seguridad-en-segundo-plano/

Nuevas mejoras en la seguridad de macOS Tahoe y en iOS que llegan en la versión 26.1: las Mejoras de Seguridad en Segundo Plano

#macOSTahoe #iOS26 #MacOSSecurity #AppleSecurity #CyberSecurity #ciberseguridad

https://mecambioamac.com/macos-tahoe-26-1-activa-las-mejoras-de-seguridad-en-segundo-plano/

Nuevas mejoras en la seguridad de macOS Tahoe y en iOS que llegan en la versión 26.1: las Mejoras de Seguridad en Segundo Plano

#macOSTahoe #iOS26 #MacOSSecurity #AppleSecurity #CyberSecurity #ciberseguridad

https://mecambioamac.com/macos-tahoe-26-1-activa-las-mejoras-de-seguridad-en-segundo-plano/

Nuevas mejoras en la seguridad de macOS Tahoe y en iOS que llegan en la versión 26.1: las Mejoras de Seguridad en Segundo Plano

#macOSTahoe #iOS26 #MacOSSecurity #AppleSecurity #CyberSecurity #ciberseguridad

https://mecambioamac.com/macos-tahoe-26-1-activa-las-mejoras-de-seguridad-en-segundo-plano/

A seemingly routine tool update could be a trap—malware like AMOS and Odyssey are stealthily targeting macOS developers and snatching credentials and source code. Are you prepared for this new wave of cyber threats?

https://thedefendopsdiaries.com/the-rise-of-infostealers-amos-and-odyssey-target-macos-developers/

#macossecurity
#infostealers
#cyberthreats
#amosmalware
#odysseymalware

A seemingly routine tool update could be a trap—malware like AMOS and Odyssey are stealthily targeting macOS developers and snatching credentials and source code. Are you prepared for this new wave of cyber threats?

https://thedefendopsdiaries.com/the-rise-of-infostealers-amos-and-odyssey-target-macos-developers/

#macossecurity
#infostealers
#cyberthreats
#amosmalware
#odysseymalware

A seemingly routine tool update could be a trap—malware like AMOS and Odyssey are stealthily targeting macOS developers and snatching credentials and source code. Are you prepared for this new wave of cyber threats?

https://thedefendopsdiaries.com/the-rise-of-infostealers-amos-and-odyssey-target-macos-developers/

#macossecurity
#infostealers
#cyberthreats
#amosmalware
#odysseymalware

A seemingly routine tool update could be a trap—malware like AMOS and Odyssey are stealthily targeting macOS developers and snatching credentials and source code. Are you prepared for this new wave of cyber threats?

https://thedefendopsdiaries.com/the-rise-of-infostealers-amos-and-odyssey-target-macos-developers/

#macossecurity
#infostealers
#cyberthreats
#amosmalware
#odysseymalware

macOS Tahoe agrega desbloqueo remoto para FileVault mediante SSH

#macOSTahoe #FileVault #MacSecurity #macOSSecurity

https://mecambioamac.com/macos-tahoe-agrega-desbloqueo-remoto-para-filevault-mediante-ssh/

macOS Tahoe agrega desbloqueo remoto para FileVault mediante SSH

#macOSTahoe #FileVault #MacSecurity #macOSSecurity

https://mecambioamac.com/macos-tahoe-agrega-desbloqueo-remoto-para-filevault-mediante-ssh/

Varios cambios significativos de macOS Tahoe 26 y FileVault

#macOSTahoe #macOSSecurity #FileVault

https://mecambioamac.com/varios-cambios-significativos-de-macos-tahoe-26-y-filevault/

Varios cambios significativos de macOS Tahoe 26 y FileVault

#macOSTahoe #macOSSecurity #FileVault

https://mecambioamac.com/varios-cambios-significativos-de-macos-tahoe-26-y-filevault/

LastPass uncovers fake GitHub repos spreading Atomic Stealer malware to Mac users

https://web.brid.gy/r/https://nerds.xyz/2025/09/lastpass-uncovers-fake-github-repos-spreading-atomic-stealer-malware-to-mac-users/

Mac users—did you know fake "fix" sites could be robbing you blind? A new malware, Shamos Infostealer, is stealthily snatching passwords, crypto wallets, and more. How secure is your Mac?

https://thedefendopsdiaries.com/understanding-the-shamos-infostealer-a-new-threat-to-macos-users/

#shamosinfostealer
#macossecurity
#malwareaservice
#cybersecuritythreats
#infostealer

Mac users—did you know fake "fix" sites could be robbing you blind? A new malware, Shamos Infostealer, is stealthily snatching passwords, crypto wallets, and more. How secure is your Mac?

https://thedefendopsdiaries.com/understanding-the-shamos-infostealer-a-new-threat-to-macos-users/

#shamosinfostealer
#macossecurity
#malwareaservice
#cybersecuritythreats
#infostealer

Mac users—did you know fake "fix" sites could be robbing you blind? A new malware, Shamos Infostealer, is stealthily snatching passwords, crypto wallets, and more. How secure is your Mac?

https://thedefendopsdiaries.com/understanding-the-shamos-infostealer-a-new-threat-to-macos-users/

#shamosinfostealer
#macossecurity
#malwareaservice
#cybersecuritythreats
#infostealer

Office-Supportende: Makro-Desaster verhindern – Source: www.csoonline.com https://ciso2ciso.com/office-supportende-makro-desaster-verhindern-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityPractices #Windowssecurity #MacOSSecurity #CSOonline #CSOOnline

Office-Supportende: Makro-Desaster verhindern – Source: www.csoonline.com https://ciso2ciso.com/office-supportende-makro-desaster-verhindern-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityPractices #Windowssecurity #MacOSSecurity #CSOonline #CSOOnline

Office-Supportende: Makro-Desaster verhindern – Source: www.csoonline.com https://ciso2ciso.com/office-supportende-makro-desaster-verhindern-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityPractices #Windowssecurity #MacOSSecurity #CSOonline #CSOOnline

Office-Supportende: Makro-Desaster verhindern – Source: www.csoonline.com https://ciso2ciso.com/office-supportende-makro-desaster-verhindern-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityPractices #Windowssecurity #MacOSSecurity #CSOonline #CSOOnline

Office-Supportende: Makro-Desaster verhindern https://www.csoonline.com/article/4021759/office-supportende-makro-desaster-verhindern.html #SecurityPractices #WindowsSecurity #MacOSSecurity

Office-Supportende: Makro-Desaster verhindern https://www.csoonline.com/article/4021759/office-supportende-makro-desaster-verhindern.html #SecurityPractices #WindowsSecurity #MacOSSecurity

Office-Supportende: Makro-Desaster verhindern https://www.csoonline.com/article/4021759/office-supportende-makro-desaster-verhindern.html #SecurityPractices #WindowsSecurity #MacOSSecurity

Office-Supportende: Makro-Desaster verhindern https://www.csoonline.com/article/4021759/office-supportende-makro-desaster-verhindern.html #SecurityPractices #WindowsSecurity #MacOSSecurity

⏳ In less than 15 days, we'll be live at #BlackHat USA 2025 with our 2-day hands-on macOS Threat Detection & Incident Response training. 🍏

Built for defenders of macOS - attack simulations, forensics, and incident response you can actually use in the field

🚀 Seats are filling fast -

🗓️ Aug 2–3: https://shorturl.at/YVTq9

🗓️ Aug 4–5: https://shorturl.at/sktoB

👉 Share with someone who needs this!

#DFIR #macOS #BlueTeam #IncidentResponse #ThreatDetection #macOSSecurity #BlackHatUSA #BHUSA

North Korean crypto thieves deploy custom Mac backdoor – Source: www.csoonline.com https://ciso2ciso.com/north-korean-crypto-thieves-deploy-custom-mac-backdoor-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #cryptocurrency #MacOSSecurity #CSOonline #CSOOnline #Malware

North Korean crypto thieves deploy custom Mac backdoor – Source: www.csoonline.com https://ciso2ciso.com/north-korean-crypto-thieves-deploy-custom-mac-backdoor-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #cryptocurrency #MacOSSecurity #CSOonline #CSOOnline #Malware

North Korean crypto thieves deploy custom Mac backdoor – Source: www.csoonline.com https://ciso2ciso.com/north-korean-crypto-thieves-deploy-custom-mac-backdoor-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #cryptocurrency #MacOSSecurity #CSOonline #CSOOnline #Malware

North Korean crypto thieves deploy custom Mac backdoor – Source: www.csoonline.com https://ciso2ciso.com/north-korean-crypto-thieves-deploy-custom-mac-backdoor-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #cryptocurrency #MacOSSecurity #CSOonline #CSOOnline #Malware

North Korean crypto thieves deploy custom Mac backdoor https://www.csoonline.com/article/4016323/north-korean-crypto-thieves-deploy-custom-mac-backdoor.html #Cryptocurrency #MacOSSecurity #Malware

North Korean crypto thieves deploy custom Mac backdoor https://www.csoonline.com/article/4016323/north-korean-crypto-thieves-deploy-custom-mac-backdoor.html #Cryptocurrency #MacOSSecurity #Malware

North Korean crypto thieves deploy custom Mac backdoor https://www.csoonline.com/article/4016323/north-korean-crypto-thieves-deploy-custom-mac-backdoor.html #Cryptocurrency #MacOSSecurity #Malware

North Korean crypto thieves deploy custom Mac backdoor https://www.csoonline.com/article/4016323/north-korean-crypto-thieves-deploy-custom-mac-backdoor.html #Cryptocurrency #MacOSSecurity #Malware