Microsoft Warns Infostealer Malware Is Spreading to macOS, Using Python and Malvertising to Steal iCloud Keychain Data

75/69 Friday, February 6, 2026

Microsoft Defender security researchers have warned of a growing trend in infostealer malware targeting the macOS operating system. Attackers are leveraging Python to develop cross-platform malware and employing social engineering techniques such as ClickFix, along with malvertising campaigns on Google Ads, to trick users into downloading fake installers. Once installed, the malware can steal sensitive information including browser passwords, session data, iCloud Keychain contents, and developer secrets. The identified malware families include Atomic macOS Stealer (AMOS), MacSync, and DigitStealer.

Beyond macOS attacks, the report also highlights PXA Stealer, a Python-based malware linked to Vietnamese-speaking threat actors that spreads through phishing emails and uses Telegram as a command-and-control (C2) channel. Researchers additionally observed Eternidade Stealer being distributed via WhatsApp, as well as SEO poisoning campaigns promoting a fake PDF editor named Crystal PDF designed to harvest cookies and credentials from Chrome and Firefox browsers. These findings demonstrate attackers’ ability to adapt their code to effectively target diverse environments.

Microsoft emphasized that infostealer infections often serve as the starting point for broader damage, including data breaches, Business Email Compromise (BEC), and ransomware attacks. To mitigate these threats, organizations should educate users about ClickFix-style scams and the risks associated with malicious advertisements, while actively monitoring for suspicious behaviors such as unusual Terminal activity, unauthorized access to iCloud Keychain, and network connections to suspicious domains.

Source: https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html