Workforce Identity
Endpoint Management
Endpoint Detection & Response
Vulnerability Management
Compliance Automation
Trust Center
AppleJeus is a sophisticated macOS trojan attributed to North Korea's state-sponsored APT Lazarus Group. This malware has been used for years to infiltrate cryptocurrency exchanges and financial service companies by masquerading as legitimate applications. AppleJeus enables unauthorized access, facilitates data exfiltration, and can lead to significant financial losses.
Learn MoreThreat Intelligence
Stay informed about the latest threats and vulnerabilities with our comprehensive Threat Intelligence resources.
Atomic Stealer (AMOS) is a sophisticated piece of malware that targets Apple users by masquerading as legitimate applications. Once installed, AMOS can exfiltrate extensive data, including keychain passwords, user documents, system information, browser data, credit card information, and cryptocurrency wallets. There is a strong association between Atomic Stealer and Russian-speaking cybercriminal communities.
Learn MoreBackdoor Activator is a macOS malware campaign that spreads through infected copies of popular applications and productivity tools, often via torrent downloads. Disguised as software 'Activators' to crack legitimate applications, this malware family compromises system security and may facilitate unauthorized remote access.
Learn MoreBanshee is a sophisticated macOS infostealer that poses a significant threat to Apple users. It is designed to exfiltrate a wide range of sensitive information, including system data, login credentials, and, cryptocurrency wallets.
Learn More
Bundlore is an extremely prevalent adware that targets macOS systems by bundling unwanted applications with legitimate software installers. It often masquerades as popular software updaters and installers, deceiving users into installing additional unwanted programs. Once installed, Bundlore injects advertisements into web browsers, redirects user searches, and collects sensitive browsing data. Bundlore is sometimes dropped by macOS malware Shlayer.
Learn MoreCareto (also known as The Mask) is an advanced cyber espionage malware family attributed to a sophisticated threat actor, likely state-sponsored. It targets macOS, Windows, Linux, and mobile platforms with the primary intent of covertly exfiltrating sensitive user data, credentials, encryption keys, and network configurations through multi-stage payloads and encrypted communications.
Learn MoreCthulhu is a macOS stealer that masquerades as legitimate software to deceive users into installing it. Once executed, it collects sensitive information, including system data, browser credentials, cryptocurrency wallets, and game account details. Cthulhu has also been known to target enterprise environments to conduct cyber espionage campaigns.
Learn MoreCuckoo is an info stealer that typically masquerades as macOS applications such as Homebrew and Google Chrome. Discovered by Kandji in 2024, it has been known to steal passwords, as well as recording audio and video from an infected system.
Learn More
EvilQuest, also known as ThiefQuest, is a ransomware variant that targets macOS systems. EvilQuest also includes some information stealing and data exfiltration features. It is actively being enhanced with new features to avoid detection.
Learn More
PasivRobber is a sophisticated macOS surveillance suite discovered in March 2025. It targets applications popular among Chinese users, such as WeChat and QQ, and can exfiltrate sensitive data from various sources, including web browsers, email clients, and system files. The malware employs deceptive naming schemes and a modular architecture, indicating a deep understanding of macOS internals.
Learn MorePoseidon (RodrigoStealer) is an information stealer targeting macOS users, masquerading as legitimate applications such as the Arc browser. It is designed to exfiltrate sensitive data, including system information, browser credentials, cryptocurrency wallets, and documents. It has been associated with Russian-speaking cybercriminal communities and is actively distributed through phishing campaigns and compromised websites.
Learn MoreProcessHub stealer is a relatively new finding attributed to China, and is designed to collect user files including bash history, zsh history, GitHub configuration, SSH information, and the Keychain. It completes these actions in a multi-stage process including the downloading of a script from its command and control server, the collection of user files, and the uploading these files.
Learn MoreShlayer is a Trojan downloader that primarily targets macOS systems, known for distributing various types of adware, including Bundlore. It is distributed through fake Flash Player updates and deceptive websites, tricking users into installing unwanted software. Once executed, Shlayer connects to command-and-control servers to download additional payloads.
Learn MoreAdload is a family of adware that infects macOS systems by masquerading as legitimate software requesting user permissions. Once installed, Adload directs users to unwanted ads, changes browser settings, and can significantly slow the performance of your computer. In addition to this, Adload puts your privacy at risk by tracking your online activity and installing other harmful programs without user permissions. Adload is sometimes dropped by macOS malware Shlayer.
Learn More