A new macOS malware variant called Reaper, an updated version of the SHub stealer, targets users by spoofing trusted domains like Apple, Microsoft, and Google to steal passwords, cryptocurrency wallet credentials, and sensitive files. Unlike earlier versions, it bypasses Apple's Terminal entirely by using macOS Script Editor to execute its malicious payload, circumventing defences added in macOS Tahoe 26.4. The malware also establishes persistent backdoor access by disguising itself as a Google Software Update process, allowing attackers to remotely execute code on compromised machines every 60 seconds.
