Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Odyssey Stealer Targets macOS: Global Crypto Threat

Odyssey Stealer Targets macOS: Global Crypto Threat

Posted on July 10, 2026 By CWS

Odyssey Stealer Malware Threatens macOS Users Globally

The Odyssey Stealer malware has resurfaced, targeting macOS users in over 100 countries worldwide. This malicious software is designed to harvest sensitive information, including login credentials, browsing history, cryptocurrency assets, and other critical files. It poses a substantial risk to both personal and professional accounts.

How Odyssey Stealer Infiltrates Systems

The malware spreads through deceptive software prompts and fake update notifications, employing social engineering tactics that trick users into executing harmful commands. Once activated, Odyssey Stealer discreetly scans devices for valuable information, which is then transmitted to servers controlled by the attackers.

Unlike many other malware campaigns, this one takes advantage of everyday user behavior rather than exploiting newly discovered weaknesses in macOS. As a result, even users with updated systems are at risk if they fail to verify the legitimacy of software sources.

Significant Risks for Cryptocurrency Users

Odyssey Stealer poses a heightened threat to cryptocurrency users by targeting around 300 different wallet extensions. This allows cybercriminals to cast a wide net, making it easier to compromise browser-based wallets. Additionally, the malware seeks out wallet files from 16 desktop cryptocurrency applications, including well-known names like Electrum and Ledger Live.

Beyond wallets, the malware also aims to steal browser passwords and session cookies, potentially giving attackers unauthorized access to online accounts without needing passwords. This threat extends to developers and remote workers, as it can also collect SSH keys and configuration data for cloud services.

Ensuring Long-term Persistence and Evasion

To remain undetected, Odyssey Stealer installs a persistent LaunchDaemon on infected Macs, enabling it to automatically restart after a system reboot. This persistence mechanism increases the malware’s chances of continuing its data collection activities without the user reopening the initial lure.

Moonlock Lab reports that the operation can replace legitimate cryptocurrency applications with trojanized versions, leading users to unknowingly redirect cryptocurrency transactions to the attackers. The malware’s use of a primary command-and-control server, along with fallback domains, ensures continued communication and data theft even if certain paths are blocked.

Protective Measures Against Odyssey Stealer

Users are advised to download software exclusively from official sources like vendor websites or the Mac App Store. Treat unexpected update prompts with skepticism and verify wallet apps before inputting recovery information.

Organizations should be vigilant for unfamiliar LaunchDaemons, unexpected outbound connections, and alterations to wallet applications. If an infection is suspected, disconnect the affected Mac from networks, change credentials using a secure device, review cryptocurrency accounts, and seek professional incident-response assistance.

Indicators of compromise include IP addresses and domains linked to the malware’s infrastructure, such as the primary command-and-control server at 165.245.215.18 and fallback domains like rahtam.com and scubin.com.

Proactively fortifying defenses against such threats is crucial to prevent significant financial losses. Integrating live threat feeds from security operations centers can enhance detection and response capabilities.

Cyber Security News Tags:browser security, crypto wallets, cryptocurrency security, Cybersecurity, data theft, LaunchDaemon, macOS malware, malware protection, Moonlock Lab, Odyssey Stealer

Post navigation

Previous Post: Over 200 GitHub Repositories Exploit Malware Threat
Next Post: XRING Flaw in XQUIC Poses Risk to HTTP/3 Servers

Related Posts

New ZuRu Malware Variant Weaponizes Termius SSH Client to Attack macOS Users New ZuRu Malware Variant Weaponizes Termius SSH Client to Attack macOS Users Cyber Security News
ACSC Raises Alarm on CMS Exploitation Threat ACSC Raises Alarm on CMS Exploitation Threat Cyber Security News
New Malware Spotted in The Wild Using Prompt Injection to Manipulate AI Models Processing Sample New Malware Spotted in The Wild Using Prompt Injection to Manipulate AI Models Processing Sample Cyber Security News
Qilin Led Ransomware Attack Claimed to Compromised 104 Organizations in August Qilin Led Ransomware Attack Claimed to Compromised 104 Organizations in August Cyber Security News
MuddyWater Embraces Russian Malware in ChainShell Attack MuddyWater Embraces Russian Malware in ChainShell Attack Cyber Security News
Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed
  • Windows Shortcuts Exploit PowerShell for Remote Attacks
  • Okta Alerts on Vishing Threat to Microsoft 365 Users

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed
  • Windows Shortcuts Exploit PowerShell for Remote Attacks
  • Okta Alerts on Vishing Threat to Microsoft 365 Users

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark