A new macOS malware strain dubbed “Reaper” is being distributed through fake download pages for apps including WeChat and Miro, with the goal of stealing cryptocurrency wallet data, browser passwords, and sensitive documents. According to ChainCatcher, the report said the malware uses AppleScript URL triggers to open macOS’s built-in Script Editor and hides malicious code using ASCII art and spacing.
After a user clicks the run button, a spoofed Apple security update pop-up prompts the victim to enter their computer password. The malware is reported to target desktop crypto applications including Ledger Live, Trezor Suite, and Exodus by modifying internal wallet code to intercept future transactions and redirect funds.
The report said Reaper also steals saved credentials from Chrome, Firefox, and Edge, and extracts files such as .docx, .pdf, and .wallet from Desktop and Documents folders. It additionally installs a backdoor disguised as a Google software update directory to maintain persistence.
Security experts advised users to verify download links, avoid entering passwords into unexpected pop-ups, and close any website that requests opening Script Editor.
Reaper macOS Malware Spreads via Fake Download Pages to Steal Crypto Wallet Data
2026-06-09 01:44:04
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
Humanity Founder Confirms Private Key Leak as Protocol-Linked Losses Exceed $31 MillionNext article:
Humanity成员私钥泄露
