MacOS Users Targeted by New Phishing Email Scam

MacOS Users Targeted by New Phishing Email Scam

Posted on By CWS

Key Points

  • A phishing campaign using fake compliance emails targets macOS users.
  • Attackers use social engineering and multi-stage payloads to steal data.
  • Malware disguises itself as legitimate system prompts to avoid detection.

Emerging Threat to macOS Users

A new phishing scam has been identified, targeting macOS users through deceptive compliance emails. Detected by Chainbase Lab, this sophisticated attack impersonates legitimate audit notifications to lure victims into a trap.

The campaign uses a combination of social engineering techniques and multi-stage fileless malware to extract credentials and maintain remote access on affected systems. Attackers initiate contact by requesting verification of company details, later sending emails purported to be from financial auditors.

Deceptive Tactics and Infection Process

The attack progresses through a series of strategic steps designed to deceive users into interacting with malicious documents. Initial communications seek to build trust, which is then exploited in follow-up emails referencing audit or token vesting deadlines.

These subsequent emails contain attachments disguised as Word or PDF files but are, in fact, AppleScript files using double extensions to mask their true purpose. Once opened, these files execute scripts that download further malicious payloads.

Malware Evasion and Persistence

To evade detection, the malware presents fake system dialogs that resemble macOS security alerts. These prompts trick users into providing admin passwords, which are then immediately exfiltrated to a remote server.

The malware also attempts to bypass macOS privacy protections by injecting SQL statements that grant itself extensive permissions, such as camera and keyboard access, ensuring long-term control over the infected machine.

The infrastructure of this phishing campaign relies on disposable domains registered in early 2026, with command servers hosted on IP addresses associated with multiple malicious domains.

Conclusion

This emerging threat highlights the need for increased vigilance among macOS users. Awareness and caution when dealing with unsolicited emails can help mitigate the risk of falling victim to such sophisticated phishing scams.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure Cyber Security News
Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads Cyber Security News
UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports Cyber Security News
ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks Cyber Security News
CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks Cyber Security News
New Streamlit Vulnerability Allows Hackers to Launch Cloud Account Takeover Attacks New Streamlit Vulnerability Allows Hackers to Launch Cloud Account Takeover Attacks Cyber Security News