Reaper Infostealer Targets macOS via Script Editor Bypass

A new macOS infostealer named Reaper exploits Apple's Script Editor to steal credentials, cryptocurrency wallets, and business documents while bypassing Terminal-based defenses in macOS Tahoe 26.4. The malware spreads via fake WeChat and Miro installers on typosquatted Microsoft domains, according to SentinelOne research, and uses persistence mechanisms disguised as Google Software Update components.

Reaper adds document theft and wallet injection capabilities and establishes a 60-second beacon for remote code execution and persistent access, enabling continued data exfiltration and secondary payload deployment.

Source: Telegram "sitreports"
