Infostealers without borders: macOS, Python stealers, and platform abuse
ID: b9fdc2e4-c5fc-56fb-942f-ef18e3820d52
STIX ID: report--b9fdc2e4-c5fc-56fb-942f-ef18e3820d52
Feed Name: Microsoft Security
Date Published: 2026-02-02
Date Updated: 2026-04-28
Author: Microsoft Defender Security Research Team
This Microsoft Defender Experts blog details active and evolving infostealer campaigns (macOS-centric stealers like DigitStealer, MacSync, AMOS; Python-based PXA stealer; Eternidade via WhatsApp; and a malicious Crystal PDF installer) that employ social engineering, fileless execution, living-off-the-land, obfuscated Python, DLL sideloading, and platform abuse to harvest browser credentials, wallets, cloud and developer secrets. The report includes mitigation guidance, Defender XDR detections, hunting queries, and extensive IoCs (hashes, domains, URLs, IPs) to support detection and response.
