Just because you use macOS does not mean you are off cybercriminals’ radar. A clever new variant of a dangerous password stealer changes disguises at every stage of the infection chain. Security researchers warn it uses a payload hosted on a typo-squatted Microsoft domain, arrives disguised as an Apple security update, and hides inside a spoofed Google Software Update directory to maintain access to infected Macs. Here’s what you need to know about the latest SHub Reaper multi-stage attack chain.

The Latest SHub Reaper macOS Password Stealer Dissected

While Microsoft is stealing the security limelight for all the wrong reasons right now, with an actively exploited Exchange Server zero-day confirmed and an angry Windows hacker dropping more exploits at a rate of knots, macOS users........

© Forbes