Fake CleanMyMac Site Spreads SHub Stealer Targeting Crypto Wallets

Threat actors were observed targeting cryptocurrency wallets through a
fake CleanMyMac website distributing SHub Stealer malware. The campaign uses a phishing technique that prompts users to paste a command into the Terminal, which initiates the malware. Once executed, the malware steals browser data such as saved passwords, cookies and autofill information also targets cryptocurrency wallet data.

Pulse ID: 69af64c1b2d211fb43d4d899
Pulse Link: https://otx.alienvault.com/pulse/69af64c1b2d211fb43d4d899
Pulse Author: cryptocti
Created: 2026-03-10 00:24:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #Phishing #Word #bot #cryptocurrency #cryptocti

Fake CleanMyMac Site Spreads SHub Stealer Targeting Crypto Wallets

Threat actors were observed targeting cryptocurrency wallets through a
fake CleanMyMac website distributing SHub Stealer malware. The campaign uses a phishing technique that prompts users to paste a command into the Terminal, which initiates the malware. Once executed, the malware steals browser data such as saved passwords, cookies and autofill information also targets cryptocurrency wallet data.

Pulse ID: 69af64c1b2d211fb43d4d899
Pulse Link: https://otx.alienvault.com/pulse/69af64c1b2d211fb43d4d899
Pulse Author: cryptocti
Created: 2026-03-10 00:24:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #Phishing #Word #bot #cryptocurrency #cryptocti

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

A deceptive website impersonating CleanMyMac tricks users into installing SHub Stealer, a sophisticated macOS malware. The malware steals sensitive data, including passwords, browser data, cryptocurrency wallets, and Telegram sessions. It can also modify wallet apps to steal recovery phrases. The attack begins with users pasting a command into Terminal, which downloads and executes a malicious script. The malware performs extensive data collection from various browsers and wallet applications, and installs persistent backdoors in certain crypto wallet apps. SHub Stealer is part of a growing family of AppleScript-based macOS infostealers, demonstrating increasing sophistication in targeting Mac users.

Pulse ID: 69ae9dcd62b1927161472bf9
Pulse Link: https://otx.alienvault.com/pulse/69ae9dcd62b1927161472bf9
Pulse Author: AlienVault
Created: 2026-03-09 10:15:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Telegram #Word #bot #cryptocurrency #AlienVault

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

A deceptive website impersonating CleanMyMac tricks users into installing SHub Stealer, a sophisticated macOS malware. The malware steals sensitive data, including passwords, browser data, cryptocurrency wallets, and Telegram sessions. It can also modify wallet apps to steal recovery phrases. The attack begins with users pasting a command into Terminal, which downloads and executes a malicious script. The malware performs extensive data collection from various browsers and wallet applications, and installs persistent backdoors in certain crypto wallet apps. SHub Stealer is part of a growing family of AppleScript-based macOS infostealers, demonstrating increasing sophistication in targeting Mac users.

Pulse ID: 69ae9dcd62b1927161472bf9
Pulse Link: https://otx.alienvault.com/pulse/69ae9dcd62b1927161472bf9
Pulse Author: AlienVault
Created: 2026-03-09 10:15:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Telegram #Word #bot #cryptocurrency #AlienVault