home.social

#scriptexecution — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #scriptexecution, aggregated by home.social.

  1. ClickFix campaign uses fake macOS utilities lures to deliver infostealers

    Threat actors are leveraging ClickFix-style social engineering tactics to distribute infostealers targeting macOS users through fake system utility lures. Attackers host malicious Terminal commands on blog sites and content platforms, disguised as troubleshooting advice for macOS issues. When executed, these commands download infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. The campaign has evolved to use Terminal-based script execution that bypasses Gatekeeper verification. Three distinct campaigns employ different tradecraft, with some replacing legitimate cryptocurrency wallet applications with trojanized versions and establishing persistence through LaunchAgents and LaunchDaemons that masquerade as legitimate services.

    Pulse ID: 69fb97e43f09a3b9ae3a39b9
    Pulse Link: otx.alienvault.com/pulse/69fb9
    Pulse Author: AlienVault
    Created: 2026-05-06 19:35:00

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AMOS #Browser #Cloud #CyberSecurity #ICS #InfoSec #InfoStealer #Mac #MacOS #OTX #OpenThreatExchange #RAT #ScriptExecution #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
