New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
ID: a28f1d6c-6221-5940-8462-a91b96b850a5
STIX ID: report--a28f1d6c-6221-5940-8462-a91b96b850a5
Feed Name: HackRead
SentinelOne researchers uncovered a macOS infostealer named Reaper (a SHub variant) distributed via typo-squatted download pages for legitimate apps. The malware tricks victims into executing AppleScript that prompts for credentials, and it exfiltrates browser data, password managers, crypto wallets and documents (splitting large files). It installs a persistent backdoor that contacts a C2 server (hebsbsbzjsjshduxbs.xyz) every 60 seconds, and can execute remote commands with elevated privileges.
