A new malware called GlassWorm has been discovered targeting macOS systems through compromised OpenVSX extensions. The attack, which involved pushing malicious updates to four extensions, aims to steal passwords, crypto-wallet data, and developer credentials. Users who downloaded the affected extensions should clean their systems and change their passwords.

A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.

MacPersistenceChecker is a macOS app that identifies all items set to run automatically on your system. It helps detect malware and unwanted software by scoring each persistence mechanism based on risk factors. Users can analyze and decide what to keep or remove.

A new campaign exploits Google search ads to direct macOS users to malicious ChatGPT and Grok conversations. These chats contain instructions that, when executed, install the AMOS infostealer malware, compromising sensitive information. Users are advised to be cautious and avoid running unknown commands.

This article reviews new macOS malware discovered in 2025, detailing infection methods, persistence techniques, and the functionality of each specimen. The focus is primarily on information stealers, highlighting their rise in prevalence and the tactics used to distribute them. It also provides links to malware samples for analysis.

The article discusses the vulnerabilities associated with TCC (Transparency, Consent, and Control) on macOS, which regulates app access to sensitive user data. It highlights the misconceptions among developers regarding TCC's importance in protecting user privacy and outlines various scenarios where malware could exploit TCC bypasses.

Santa is a macOS binary and file access authorization system designed to monitor execution and file access, allowing users to manage binary permissions through a local database and various configuration options. It operates in MONITOR or LOCKDOWN modes, supports code signing and path-based rules, and can synchronize settings with remote servers. Santa aims to enhance security by preventing malware execution while integrating into existing defense strategies.

North Korean hackers have been identified as the creators of NimDoor, a new malware targeting macOS users through fake Zoom updates. This malware exploits vulnerabilities to gain unauthorized access to systems, highlighting ongoing cybersecurity threats from state-sponsored hacking groups.

The article discusses the emergence of a new macOS malware known as "AppleProcessHub," which is designed to steal user credentials and sensitive data. It highlights the tactics used by the malware, including its ability to bypass security measures and target specific applications. The piece also emphasizes the importance of user awareness and security practices to mitigate risks associated with such threats.

Over 300 entities have been affected by a new variant of the Atomic MacOS Stealer malware in a recent campaign. This malicious software targets MacOS systems to extract sensitive information, raising concerns about the security of Apple devices. Cybersecurity experts are advising users to remain vigilant and implement protective measures.

LastPass has alerted macOS users about a malicious campaign using fake password managers and other software, which deliver the Atomic info-stealing malware through deceptive GitHub repositories. The campaign employs search engine optimization tactics to promote these fraudulent applications, urging users to execute potentially harmful commands that install malware on their systems. Users are advised to only download software from official sources to avoid such threats.

Microsoft has discovered a new variant of the XCSSET malware targeting macOS systems, which is being used in targeted attacks against specific individuals. This malware exploits vulnerabilities to gain unauthorized access and control over compromised devices, highlighting ongoing threats to macOS users.

A new version of the Atomic macOS info-stealer malware has been discovered, featuring a persistent backdoor that allows attackers to maintain indefinite access to compromised systems. Analyzed by Moonlock, the malware targets macOS files and user data, exploiting phishing tactics and advanced evasion techniques to execute remote commands and survive system reboots.

A malicious campaign is targeting macOS developers through fake Homebrew, LogMeIn, and TradingView platforms that distribute infostealing malware such as AMOS and Odyssey. The campaign uses deceptive tactics to trick users into executing harmful commands in Terminal, leading to the theft of sensitive information from their systems. Researchers identified over 85 domains involved in this scheme, which are promoted via Google Ads to appear in search results.

Jamf Threat Labs has identified a new technique where attackers use PyInstaller to bundle Python-based infostealers into Mach-O executables on macOS. This method allows malware to run without requiring a native Python installation, while employing various obfuscation tactics to evade detection. The analysis includes dynamic and static examination of these malicious binaries, revealing behaviors consistent with infostealer activity.

The article discusses a malware issue affecting GitHub users on macOS, highlighting how this malware can compromise systems and steal sensitive information. It emphasizes the importance of maintaining security practices and being aware of potential threats when using software development tools.