New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords

The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor.

A malicious new malware is targeting macOS users, disguised as a critical system update and popular workplace software. Cybersecurity firm SentinelOne’s research unit, SentinelLABS, recently discovered this threat and shared the details with Hackread.com.

The malware is a fresh variant of an infostealer called SHub, tracked under the name Reaper. Apple recently updated its macOS Tahoe 26.4 to stop similar attacks, but researchers found that “Reaper tricks routes around that fix entirely,” making it a serious threat for Mac users.

How the Trick Works

The attack starts with fake download pages for WeChat or Miro (popular communication and workplace apps). To ensure these apps appear as trusted, attackers used a typo-squatted domain, mlcrosoft.co.com.

When someone visits these pages, hidden JavaScript code ...