Miro

The SHub Reaper stealer combines credential theft, wallet hijacking, and document exfiltration with persistent backdoor access on macOS, distributed through fake WeChat and Miro installers while spoofing Apple, Google, and Microsoft to evade detection.

A new variant of the 'SHub' macOS infostealer, dubbed Reaper, uses AppleScript to display a fake security update message and install a backdoor, ultimately stealing browser data, financial documents, and cryptocurrency wallet information while bypassing Terminal-based mitigations in macOS.