Infostealers targeting macOS have continued to proliferate over the last two years, with threat actors iterating on successful techniques across related malware families. Researchers at Moonlock, Jamf, and Malwarebytes have previously documented the rise of SHub Stealer, including its use of fake application installers and “ClickFix” social engineering. SentinelOne recently observed a new SHub variant using the build tag “Reaper.” Below is their great analysis.
Reaper uses fake WeChat and Miro
