MacOS Users Targeted by New Phishing Email Scam

MacOS Users Targeted by New Phishing Email Scam

Posted on By CWS

Key Points

  • A phishing campaign using fake compliance emails targets macOS users.
  • Attackers use social engineering and multi-stage payloads to steal data.
  • Malware disguises itself as legitimate system prompts to avoid detection.

Emerging Threat to macOS Users

A new phishing scam has been identified, targeting macOS users through deceptive compliance emails. Detected by Chainbase Lab, this sophisticated attack impersonates legitimate audit notifications to lure victims into a trap.

The campaign uses a combination of social engineering techniques and multi-stage fileless malware to extract credentials and maintain remote access on affected systems. Attackers initiate contact by requesting verification of company details, later sending emails purported to be from financial auditors.

Deceptive Tactics and Infection Process

The attack progresses through a series of strategic steps designed to deceive users into interacting with malicious documents. Initial communications seek to build trust, which is then exploited in follow-up emails referencing audit or token vesting deadlines.

These subsequent emails contain attachments disguised as Word or PDF files but are, in fact, AppleScript files using double extensions to mask their true purpose. Once opened, these files execute scripts that download further malicious payloads.

Malware Evasion and Persistence

To evade detection, the malware presents fake system dialogs that resemble macOS security alerts. These prompts trick users into providing admin passwords, which are then immediately exfiltrated to a remote server.

The malware also attempts to bypass macOS privacy protections by injecting SQL statements that grant itself extensive permissions, such as camera and keyboard access, ensuring long-term control over the infected machine.

The infrastructure of this phishing campaign relies on disposable domains registered in early 2026, with command servers hosted on IP addresses associated with multiple malicious domains.

Conclusion

This emerging threat highlights the need for increased vigilance among macOS users. Awareness and caution when dealing with unsolicited emails can help mitigate the risk of falling victim to such sophisticated phishing scams.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Why Your Business Needs Live Threat Intel from 15K SOCs Why Your Business Needs Live Threat Intel from 15K SOCs Cyber Security News
Chrome Type Confusion Zero-Day Vulnerability Actively Exploited in the Wild Chrome Type Confusion Zero-Day Vulnerability Actively Exploited in the Wild Cyber Security News
An Open-Source Tool to See Through Encrypted Traffic in Linux systems An Open-Source Tool to See Through Encrypted Traffic in Linux systems Cyber Security News
Threat Actors Abuse Microsoft Help Index File to Execute PipeMagic Malware Threat Actors Abuse Microsoft Help Index File to Execute PipeMagic Malware Cyber Security News
Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators Cyber Security News
Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks Cyber Security News