Joined June 2023
Pinned Tweet
Our team recently published 2026 #macOS malware predictions: supply-chain AI/workflow (MCP) abuse, signed/notarized stealth & multi-stage loaders, Macs as proxy infrastructure, and “upmarket” infostealers. Give it a read! 👇 moonlock.com/macos-malware-t…
1/ Yet another #FUD #macOS sample on our radar - a full-feature credential stealer with backdoor injection capabilities for Mac. Has not been detected on VT since April. Findings below 👇
10/ IOC 🧙 b7d17e11406a15c3a407ecfcb4d4f982edc2e4e18f2c4c177afd6b0bbb27de31 179.43.166[.]242 91.92.243[.]90
1/ A new #macOS #stealer in the wild, analyzed after being spotted by @malwrhunterteam🚨 A Rust-compiled, universal (x86_64 arm64) infostealer targeting passwords, Keychain, browser data, Telegram, hardware wallets, and Apple Notes - all in one binary. It’s also different from some usual stealers we see on a daily basis. Here's everything we found 👇
9/ Full confirmed capability set - this is not a simple stealer. It's rather a stealer RAT hybrid. 📝Build leak: developer username ‘rootr’ in Rust debug strings. 📌Never run unsigned apps from untrusted sources. Never enter your system password into an app you didn't install yourself.
10/ IOC 🧙 f7f638987b40d68176e7dd08c34de39b5f1103add19df3f11f1833d027fc11b8 29499aadd073558f4a1e59b56759593c26bfec121b01188a9f4d6fc8c5df0ee1