MacOS Users Targeted by New Phishing Email Scam

MacOS Users Targeted by New Phishing Email Scam

Posted on By CWS

Key Points

  • A phishing campaign using fake compliance emails targets macOS users.
  • Attackers use social engineering and multi-stage payloads to steal data.
  • Malware disguises itself as legitimate system prompts to avoid detection.

Emerging Threat to macOS Users

A new phishing scam has been identified, targeting macOS users through deceptive compliance emails. Detected by Chainbase Lab, this sophisticated attack impersonates legitimate audit notifications to lure victims into a trap.

The campaign uses a combination of social engineering techniques and multi-stage fileless malware to extract credentials and maintain remote access on affected systems. Attackers initiate contact by requesting verification of company details, later sending emails purported to be from financial auditors.

Deceptive Tactics and Infection Process

The attack progresses through a series of strategic steps designed to deceive users into interacting with malicious documents. Initial communications seek to build trust, which is then exploited in follow-up emails referencing audit or token vesting deadlines.

These subsequent emails contain attachments disguised as Word or PDF files but are, in fact, AppleScript files using double extensions to mask their true purpose. Once opened, these files execute scripts that download further malicious payloads.

Malware Evasion and Persistence

To evade detection, the malware presents fake system dialogs that resemble macOS security alerts. These prompts trick users into providing admin passwords, which are then immediately exfiltrated to a remote server.

The malware also attempts to bypass macOS privacy protections by injecting SQL statements that grant itself extensive permissions, such as camera and keyboard access, ensuring long-term control over the infected machine.

The infrastructure of this phishing campaign relies on disposable domains registered in early 2026, with command servers hosted on IP addresses associated with multiple malicious domains.

Conclusion

This emerging threat highlights the need for increased vigilance among macOS users. Awareness and caution when dealing with unsolicited emails can help mitigate the risk of falling victim to such sophisticated phishing scams.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

RealBlindingEDR Tool That Permanently Turn off AV/EDR Using Kernel Callbacks RealBlindingEDR Tool That Permanently Turn off AV/EDR Using Kernel Callbacks Cyber Security News
New Agent-Aware Cloaking Leverages OpenAI ChatGPT Atlas Browser to Deliver Fake Content New Agent-Aware Cloaking Leverages OpenAI ChatGPT Atlas Browser to Deliver Fake Content Cyber Security News
Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence Cyber Security News
Cybersecurity Professionals Plead Guilty to Launching Ransomware Attacks Cybersecurity Professionals Plead Guilty to Launching Ransomware Attacks Cyber Security News
North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide Cyber Security News
Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes Cyber Security News