[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJPX9NX8lD-IQSNAA4rArhszmb1bRgciliD9IQkz96RM":3},{"article":4,"iocs":44},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":33},"64ee7f5d-c356-450c-a0d5-15db693520a2","Stealer Spoofs Google, Microsoft &amp; Apple, Then Backdoors macOS","stealer-spoofs-google-microsoft-amp-apple-then-backdoors-macos-322411","The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.","SHub Reaper is a new stealer malware that impersonates legitimate software installers (WeChat, Miro) from Google, Microsoft, and Apple to trick users into downloading compromised packages. The malware represents a tactical shift from ClickFix social engineering toward direct AppleScript-based execution for macOS backdoor deployment. This campaign demonstrates how threat actors are evolving distribution methods to bypass user skepticism through trusted brand spoofing.","SHub Reaper stealer spoofs Google, Microsoft, and Apple to backdoor macOS systems via fake installers.",null,"https:\u002F\u002Fwww.darkreading.com\u002Fthreat-intelligence\u002Fstealer-spoofs-google-microsoft-apple-backdoors-macos","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt92862d21865d67ee\u002F6a0c49b0d929ba87161f7f33\u002FmacOS_AfricaStudio_AlamyStockPhoto.png?width=1280&auto=webp&quality=80&disable=upscale","2026-05-19T19:49:40+00:00","2026-05-19T20:00:07.560012+00:00",8,[18,21,23,26],{"name":19,"type":20},"WeChat","product",{"name":22,"type":20},"Miro",{"name":24,"type":25},"AppleScript","technology",{"name":27,"type":28},"ClickFix","campaign","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":29,"icon":11,"name":31,"slug":32},"Malware","malware",[34,39],{"category":35},{"id":36,"icon":11,"name":37,"slug":38},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":40},{"id":41,"icon":11,"name":42,"slug":43},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[45],{"type":32,"value":46,"context":47},"SHub Reaper","macOS stealer malware using spoofed installer distribution"]