Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords
ID: 9f570944-4fae-524a-851f-6a2bba31aa76
STIX ID: report--9f570944-4fae-524a-851f-6a2bba31aa76
Feed Name: HackRead
Threat Score
Researchers identified a macOS malware campaign distributing a variant of Reaper (SHub Stealer) through typo-squatted and fake app download pages. The pages abuse applescript:// links to auto-run malicious code in Script Editor, bypassing Terminal protections. The malware steals documents and browser and crypto credentials, splits compressed archives into chunks and uploads them to a C2, modifies desktop wallet applications to intercept funds, and persists via a fake Google Software Update directory.
