Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

A deceptive website impersonating CleanMyMac tricks users into installing SHub Stealer, a sophisticated macOS malware. The malware steals sensitive data, including passwords, browser data, cryptocurrency wallets, and Telegram sessions. It can also modify wallet apps to steal recovery phrases. The attack begins with users pasting a command into Terminal, which downloads and executes a malicious script. The malware performs extensive data collection from various browsers and wallet applications, and installs persistent backdoors in certain crypto wallet apps. SHub Stealer is part of a growing family of AppleScript-based macOS infostealers, demonstrating increasing sophistication in targeting Mac users.

Pulse ID: 69ae9dcd62b1927161472bf9
Pulse Link: https://otx.alienvault.com/pulse/69ae9dcd62b1927161472bf9
Pulse Author: AlienVault
Created: 2026-03-09 10:15:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Telegram #Word #bot #cryptocurrency #AlienVault