Malware
May 19, 2026
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
SHub Reaper stealer spoofs Google, Microsoft, and Apple to backdoor macOS systems via fake installers.
Summary
SHub Reaper is a new stealer malware that spoofs Google, Microsoft, and Apple and poses as installers for legitimate software (WeChat, Miro) to trick users into downloading compromised packages. The malware represents a tactical shift from ClickFix social engineering toward direct AppleScript-based execution for macOS backdoor deployment. The campaign shows how threat actors are evolving their distribution methods, using trusted-brand spoofing to get past user skepticism.
Indicators of Compromise
- malware — SHub Reaper
Entities
- WeChat (product)
- Miro (product)
- AppleScript (technology)
- ClickFix (campaign)