According to Microsoft’s security research team, since late 2025, attackers have been distributing fake macOS troubleshooting guides on platforms including Medium, Craft, and Squarespace to trick users into running malicious terminal commands. The commands download and execute malware designed to steal cryptocurrency wallet keys from Exodus, Ledger, and Trezor, along with iCloud data and saved passwords from Chrome and Firefox.
The malware families involved include AMOS, Macsync, and SHub Stealer. In some cases, attackers also delete legitimate wallet applications and replace them with trojanized versions. Apple has added protection in macOS 26.4 to block pasting of potentially malicious commands.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
USDT0 Announces 3/3 Validation Mechanism and $6M Bug Bounty Program Following Kelp Incident
According to Foresight News, USDT0, Tether's asset interoperability protocol, announced security architecture details following the Kelp incident. The protocol employs a proprietary Decentralized Verifier Network (DVN) with message veto rights and requires three independent validators based on
GateNews48m ago
LayerZero Issues Public Apology for Kelp DAO Exploit Response, Admits DVN Single-Verifier Fault
According to LayerZero, the protocol issued a public apology on Friday for its handling of the April 18 exploit that drained $292 million in rsETH from Kelp DAO's cross-chain bridge, marking a significant tonal shift from its earlier post-mortem. LayerZero acknowledged that its Decentralized
GateNews1h ago
LayerZero Issues Public Apology for Kelp DAO Exploit, Admits Single-Verifier Setup Was Mistake
According to LayerZero's official blog post on Friday, the protocol issued a public apology for its handling of the April 18 exploit that drained $292 million in rsETH from Kelp DAO's cross-chain bridge. LayerZero admitted it made a mistake by allowing its Decentralized Verifier Network to serve
GateNews7h ago
Crypto Wrench Attacks Surge 41% in 2026, Targeting Family Members
Crypto security firm CertiK estimates that cryptocurrency holders have lost approximately $101 million from wrench attacks in the first four months of 2026, according to the firm's analysis. If the trend continues at this rate, that equates to hundreds of millions of dollars lost for the full
CryptoFrontier8h ago
LayerZero Issues Public Apology on May 8, Admits Fault in Single-Verifier Setup for Kelp DAO Exploit
According to The Block, LayerZero issued a public apology on Friday for its handling of the April 18 exploit that drained roughly $292 million in rsETH from Kelp DAO's cross-chain bridge. The protocol acknowledged it made a mistake by allowing its Decentralized Verifier Network (DVN) to serve as the
GateNews13h ago
Crypto Wrench Attacks Rise: Victims Lose $101M in First Four Months of 2026, Families Increasingly Targeted
According to CertiK, crypto wrench attack victims lost approximately $101 million in the first four months of 2026, with the trend projected to reach hundreds of millions for the full year. The security firm verified 34 incidents globally, representing a 41% increase from the same period in 2025, wi
GateNews14h ago
