Reaper Bypasses Apple Security to Steal macOS Passwords and Hijack Crypto Wallets

Tue, 19 May 2026 10:52:16 +0200

Reaper swipes macOS passwords and crypto wallets, backdoors the machine, and pretends to be Apple, Microsoft, and Google in the same attack. Apple shipped an update in March to stop exactly this. Reaper already bypasses it.

Reaper belongs to a malware family called SHub Stealer, active since April 2025. SHub grew out of an earlier macOS stealer called MacSync, which itself was built on a foundation called Mac.c, first spotted in April 2025. Within months it turned into a commercial crime service, meaning the people who built the infrastructure rent access to different operators who run their own campaigns with their own targets and lures. Researchers at Malwarebytes, Jamf, Moonlock, and Microsoft’s Defender Security Research team had already documented earlier variants, but this version of Reaper does things none of the earlier builds could: a bypass of Apple’s latest security update, a persistent backdoor that survives reboots, and a method for permanently hijacking installed crypto wallet applications without triggering a single security warning.

Snap Store Domain Hijacking Lets Attackers Push Malware Through Trusted Linux Apps

Fri, 23 Jan 2026 13:49:36 +0100

Attackers found a way to hijack legitimate apps in the Snap Store. 7000 packages. Millions of Linux users. One victim already lost 9 Bitcoin. That was $490,000. 🧐

The Snap Store is the official app store for Ubuntu and other Linux distributions, run by Canonical. When developers publish apps, they sign up with an email on their own domain. Something like dev@mycoolproject.tech. But domains expire. People forget to renew, move on to other things, and that domain goes back on the market for anyone to grab.

Crypto Wallet on HackingPassion.com : root@HackingPassion.com-[~]

Reaper Bypasses Apple Security to Steal macOS Passwords and Hijack Crypto Wallets

Snap Store Domain Hijacking Lets Attackers Push Malware Through Trusted Linux Apps