SHub Reaper: Malware Exploits Fake App Installers to Compromise macOS

The essentials: SHub Reaper uses fraudulent installers of WeChat and Miro to compromise macOS systems while relying on AppleScript execution instead of ClickFix tactics.

The stealer SHub Reaper spreads through deceptively authentic, manipulated installers of popular applications such as WeChat and Miro and executes malicious AppleScripts on macOS systems. Users who download and execute these fraudulent installers become infected with malware that harvests data on macOS. This method replaces the previous ClickFix social engineering tactic.

In contrast to previous attack patterns, the campaign does not rely on social engineering through fake support messages (ClickFix), but instead uses AppleScripts as a direct execution mechanism. This enables the malware to integrate more deeply into the system and extract login credentials and other sensitive information.

For practitioners, this requires heightened vigilance when installing software: installers should be downloaded exclusively from official sources. Unexpected prompts to execute scripts after installation are a warning sign of malware.
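One way to surface the behaviour described above in endpoint telemetry, as an added example that is not part of the original article: it flags AppleScript runs whose process ancestry leads back to a binary started from a mounted disk image, a Downloads folder or an App Translocation path. It assumes the script is run through `/usr/bin/osascript`; the JSON event schema (`pid`, `ppid`, `path`) and all sample events are constructed for illustration.

```python
import json
import re

# Constructed process-execution events; the schema (pid, ppid, path) is hypothetical.
SAMPLE_EVENTS = """
{"pid": 100, "ppid": 1, "path": "/Volumes/Example Installer/Installer.app/Contents/MacOS/Installer"}
{"pid": 101, "ppid": 100, "path": "/bin/sh"}
{"pid": 102, "ppid": 101, "path": "/usr/bin/osascript"}
{"pid": 200, "ppid": 1, "path": "/Applications/Example Editor.app/Contents/MacOS/Editor"}
{"pid": 201, "ppid": 200, "path": "/usr/bin/osascript"}
{"pid": 300, "ppid": 1, "path": "/Users/alice/Downloads/Setup.app/Contents/MacOS/Setup"}
{"pid": 301, "ppid": 300, "path": "/usr/bin/osascript"}
{"pid": 400, "ppid": 1, "path": "/usr/bin/osa
"""

# Locations a freshly downloaded installer typically runs from (assumption of this example).
UNTRUSTED = re.compile(r"^(/Volumes/|/Users/[^/]+/Downloads/)|/AppTranslocation/")

def parse_events(text):
    """Parse JSON-lines events into a pid -> event map; blank or malformed lines are skipped."""
    procs = {}
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            procs[ev["pid"]] = ev
        except (ValueError, KeyError, TypeError):
            continue
    return procs

def untrusted_ancestor(procs, pid, max_depth=8):
    """Return the path of the nearest ancestor started from an untrusted location, else None."""
    seen = {pid}
    cur = procs.get(pid)
    for _ in range(max_depth):
        parent = procs.get(cur.get("ppid")) if cur else None
        if parent is None or parent["pid"] in seen:  # chain ended or pid loop
            return None
        seen.add(parent["pid"])
        if UNTRUSTED.search(str(parent.get("path", ""))):
            return parent["path"]
        cur = parent
    return None

def find_suspicious_osascript(text):
    """List (pid, origin) for every osascript run that descends from an untrusted binary."""
    procs = parse_events(text)
    hits = [(pid, untrusted_ancestor(procs, pid)) for pid, ev in sorted(procs.items())
            if ev.get("path") == "/usr/bin/osascript"]
    return [h for h in hits if h[1]]
```

Walking the ancestry rather than checking only the direct parent keeps the check effective when the installer starts a shell that in turn starts `osascript`.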


Source: ainews-dev.lumi-systems.io · Published May 19, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.5.2.
