Chainbase Lab Uncovers Elaborate Mac Phishing Campaign Underway Globally

Chainbase Lab detected a phishing email campaign targeting macOS users. Attackers sent emails disguised as audit/compliance confirmations to lure recipients into replying with credentials/data. The campaign uses social engineering, multi-stage fileless payloads, and a Node.js-based remote control environment. Researchers decoded the AppleScript content, revealing malicious capabilities for info theft and privilege bypass.