Threat actors previously distributing the Odyssey stealer have evolved their tactics, now impersonating Microsoft Teams to target macOS users with a sophisticated AppleScript-based stealer. The campaign employs a clickfix methodology, tricking users into executing a base64-encoded Terminal command to install the malware and harvest system data and cryptocurrency wallets.
Latest mentioned: 09-08
Earliest mentioned: 09-08