MacOS Users Targeted by New Phishing Email Scam

MacOS Users Targeted by New Phishing Email Scam

Posted on By CWS

Key Points

  • A phishing campaign using fake compliance emails targets macOS users.
  • Attackers use social engineering and multi-stage payloads to steal data.
  • Malware disguises itself as legitimate system prompts to avoid detection.

Emerging Threat to macOS Users

A new phishing scam has been identified, targeting macOS users through deceptive compliance emails. Detected by Chainbase Lab, this sophisticated attack impersonates legitimate audit notifications to lure victims into a trap.

The campaign uses a combination of social engineering techniques and multi-stage fileless malware to extract credentials and maintain remote access on affected systems. Attackers initiate contact by requesting verification of company details, later sending emails purported to be from financial auditors.

Deceptive Tactics and Infection Process

The attack progresses through a series of strategic steps designed to deceive users into interacting with malicious documents. Initial communications seek to build trust, which is then exploited in follow-up emails referencing audit or token vesting deadlines.

These subsequent emails contain attachments disguised as Word or PDF files but are, in fact, AppleScript files using double extensions to mask their true purpose. Once opened, these files execute scripts that download further malicious payloads.

Malware Evasion and Persistence

To evade detection, the malware presents fake system dialogs that resemble macOS security alerts. These prompts trick users into providing admin passwords, which are then immediately exfiltrated to a remote server.

The malware also attempts to bypass macOS privacy protections by injecting SQL statements that grant itself extensive permissions, such as camera and keyboard access, ensuring long-term control over the infected machine.

The infrastructure of this phishing campaign relies on disposable domains registered in early 2026, with command servers hosted on IP addresses associated with multiple malicious domains.

Conclusion

This emerging threat highlights the need for increased vigilance among macOS users. Awareness and caution when dealing with unsolicited emails can help mitigate the risk of falling victim to such sophisticated phishing scams.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Splunk Details on How to Detect, Mitigate and Respond to CitrixBleed 2 Attack Splunk Details on How to Detect, Mitigate and Respond to CitrixBleed 2 Attack Cyber Security News
Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups Cyber Security News
Apache Tomcat Vulnerabilities Let Attackers Trigger Dos Attack Apache Tomcat Vulnerabilities Let Attackers Trigger Dos Attack Cyber Security News
Adobe Data Breach: 13 Million Records Allegedly Leaked Adobe Data Breach: 13 Million Records Allegedly Leaked Cyber Security News
AI-Powered Cyber Threats Demand New Defense Strategies AI-Powered Cyber Threats Demand New Defense Strategies Cyber Security News
European Commission Thwarts Cyber-Attack on Mobile Data European Commission Thwarts Cyber-Attack on Mobile Data Cyber Security News