Microsoft: Python-Powered Infostealers Are Now Targeting macOS at Scale

Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments using cross-platform languages such as Python.

The software giant’s Defender Security Research Team has observed macOS-targeted infostealer campaigns using social engineering techniques like ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer.

The campaigns have been using techniques like fileless execution, native macOS utilities, and AppleScript automation to facilitate data theft, including web browser credentials and session data, iCloud Keychain, and developer secrets.

The basis for these attacks is usually a malicious ad, most often delivered via Google Ads, that tricks users searching for tools such as DynamicLake and artificial intelligence (AI) tools into visiting fake websites that use ClickFix lures, fooling users into infecting their own systems with malware. 

“Python-based stealers are being leveraged by attackers to rapidly ...