All news with #gatekeeper bypass tag
Mon, August 25, 2025
Fake macOS Help Sites Spread SHAMOS Infostealer via Ads
#Apple
#CrowdStrike
#Data Exfil via Tools
#Gatekeeper Bypass
#GitHub
#MacOS Infostealer
#Malvertising
CrowdStrike disrupted a malvertising campaign that redirected users to counterfeit macOS help pages and urged them to run a malicious one-line installation command. Observed between June and August 2025, the operation sought to deliver the SHAMOS variant of the Atomic macOS Stealer (AMOS), a Mach-O binary distributed by MaaS operator Cookie Spider. The installer decoded a Base64 string, executed a Bash script that captured credentials and fetched the payload from icloudservers[.]com.