Fake CleanMyMac Site Spreads SHub Stealer Targeting Crypto Wallets

Threat actors were observed targeting cryptocurrency wallets through a
fake CleanMyMac website distributing SHub Stealer malware. The campaign uses a phishing technique that prompts users to paste a command into the Terminal, which initiates the malware. Once executed, the malware steals browser data such as saved passwords, cookies and autofill information also targets cryptocurrency wallet data.

Pulse ID: 69af64c1b2d211fb43d4d899
Pulse Link: https://otx.alienvault.com/pulse/69af64c1b2d211fb43d4d899
Pulse Author: cryptocti
Created: 2026-03-10 00:24:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #Phishing #Word #bot #cryptocurrency #cryptocti