
SHub's "Reaper" Malware Variant Bypasses macOS Terminal Protections
malware, macOS, cybersecurity, AppleScript, persistence, anti-analysis, telemetry, trusted-brand impersonation
SHub’s "Reaper" malware variant has evolved to bypass macOS Terminal protections by shifting from Terminal-based execution to AppleScript abuse. The campaign uses fake installers, typo-squatted Microsoft domains, and fake Apple security prompts, while harvesting browser sessions, crypto wallets, documents, and remote access configurations. The malware maintains persistence, deploys secondary payloads, and employs modular delivery methods. Operators are increasingly focusing on persistence, anti-analysis, telemetry collection, and trusted-brand impersonation.