2026-05-08 (FRIDAY): MACOS SHUB STEALER INFECTION
NOTICE:
- Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.
ASSOCIATED FILES:
- 2026-05-08-IOCs-for-macOS-Shub-Stealer.txt.zip 1.8 kB (1,807 bytes)
- 2026-05-08-macOS-Shub-Stealer-infection.pcap.zip 21.7 MB (21,754,518 bytes)
- 2026-05-08-macOS-Shub-Stealer-files.zip 20.4 kB (20,364 bytes)
IMAGES

Shown above: Results of a Google search to find some leads.

Shown above: Document hosted on Google Drive with a link that redirected to malicious content.

Shown above: A "Download for macOS" page with script to copy and paste into a terminal window.

Shown above: Script from the "Download for macOS" page copied and pasted into a terminal window.

Shown above: Log file generated for this Shub Stealer infection.

Shown above: Traffic from the infection filtered in Wireshark.
