[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLR8c9RnYXam9S_M1Uh8RGVnjwd0guy2lRrZvLT_AZg8":3},{"article":4,"iocs":43},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":30},"6f533fd2-d905-48fc-8373-eae2bd96d4c4","A new macOS stealer called Reaper — a SHub variant tracked by @LabsSentinel — runs an infection c...","a-new-macos-stealer-called-reaper-a-shub-variant-tracked-by-labssentinel-runs-an-90bc9b","A new macOS stealer called Reaper — a SHub variant tracked by @LabsSentinel — runs an infection chain where each stage hides behind a different trusted brand:\n\n- The lure: a fake WeChat or Miro installer\n- The delivery: a typo-squatted domain, mlcrosoft[.]co[.]com\n- The https:\u002F\u002Ft.co\u002FeTlTmcZb7r","Reaper, a new macOS stealer malware tracked as a SHub variant, employs a multi-stage infection chain that exploits user trust in legitimate applications. The attack uses fake WeChat or Miro installers as lures and delivers payloads through typo-squatted domains (e.g., mlcrosoft[.]co[.]com) mimicking Microsoft. \nEach stage of the infection chain hides behind different trusted brand names to evade detection.","Reaper macOS stealer (SHub variant) uses typo-squatted domains and fake installers to infect systems.",null,"https:\u002F\u002Fx.com\u002FSentinelOne\u002Fstatus\u002F2056365886643269646","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHImtkwfbEAE5EHA.jpg","2026-05-18T13:26:47+00:00","2026-05-18T14:00:12.608264+00:00",8,[18,21,24],{"name":19,"type":20},"LabsSentinel","threat_actor",{"name":22,"type":23},"WeChat","product",{"name":25,"type":23},"Miro","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":26,"icon":11,"name":28,"slug":29},"Malware","malware",[31,36,38],{"category":32},{"id":33,"icon":11,"name":34,"slug":35},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":37},{"id":26,"icon":11,"name":28,"slug":29},{"category":39},{"id":40,"icon":11,"name":41,"slug":42},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[44,48,51],{"type":45,"value":46,"context":47},"domain","mlcrosoft.co.com","Typo-squatted domain used in Reaper malware delivery chain",{"type":29,"value":49,"context":50},"Reaper","macOS stealer malware, SHub variant",{"type":29,"value":52,"context":53},"SHub","Parent malware family; Reaper is a variant"]