Reaper is a sophisticated macOS infostealer malware variant of SHub Stealer that employs social engineering via fake installers and spoofs major tech companies to deceive users. It leverages the applescript:// URL scheme to evade Terminal-based defenses and conducts detailed environment fingerprinting and anti-analysis to avoid detection. The malware harvests sensitive data including browser credentials, cryptocurrency wallets, developer settings, iCloud data, and Telegram sessions. It also exfiltrates documents under 150MB using a chunked upload method similar to AMOS. Persistence is achieved through a fake Google Software Update LaunchAgent, and a backdoor enables remote code execution. The malware specifically excludes CIS countries and uses multiple anti-analysis techniques such as WebGL fingerprinting, virtual machine detection, and interference with developer tools to hinder analysis.

Reaper compromises macOS systems by stealing a wide range of sensitive user data including credentials, cryptocurrency wallets, cloud data, and messaging sessions. It also exfiltrates documents and establishes persistence and remote access capabilities, potentially allowing attackers ongoing control and data theft. The malware’s anti-analysis and evasion techniques reduce the likelihood of detection and removal. There are no known exploits in the wild reported, and the infection avoids CIS regions.

No official patch or remediation guidance is provided in the available data. Since this is malware delivered via social engineering (fake installers), users should avoid installing software from untrusted sources. Endpoint protection solutions with macOS malware detection capabilities may help detect and block this threat. Monitoring for suspicious LaunchAgents, especially those mimicking legitimate software update services, and network indicators such as the listed malicious domains and URLs can assist in detection. Patch status is not yet confirmed — check vendor advisories and security vendor updates for current remediation guidance.