Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimicking Zoom/Teams Updates

Source: Cyber Security News

Attackers have shifted tactics by using compiled AppleScript files with deceptive names to deliver malware while bypassing Apple’s security measures. Following a change in Apple’s Gatekeeper protections in August 2024, these .scpt files now open by default in Script Editor.app, presenting a user interface that encourages execution via social engineering tactics.

Security analysts have noted a concerning trend in the use of these AppleScript files to distribute malware such as MacSync Stealer and Odyssey Stealer. The scripts rely on deception, embedding malicious code in ways designed to evade casual inspection, and often maintain zero detections on security platforms such as VirusTotal. The .scpt files frequently arrive via phishing emails or compromised sites and target users looking for legitimate software updates, exploiting that trust and increasing the likelihood of successful infection.

Organizations must enhance user education around verifying software updates and adopt endpoint detection solutions that can monitor AppleScript execution patterns to mitigate this threat effectively.
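As an added example (not part of the original article and not code from any of the vendors mentioned), the script below shows the two defensive checks the paragraphs above point at: triaging downloaded files for compiled AppleScript whose filename mimics a vendor update, and flagging endpoint process events in which an AppleScript host (Script Editor or osascript) runs a .scpt file from a user-writable location. The compiled-AppleScript header `FasdUAS` is a real property of .scpt files; the lure-word list, the directory list and the `key="value"` event format are constructed assumptions for this example, not any product's real log schema.

```python
import re
from typing import List, Optional

# Compiled AppleScript (.scpt) files begin with this header.
COMPILED_APPLESCRIPT_MAGIC = b"FasdUAS"

# Assumed heuristic: words that recur in update-themed lure filenames.
LURE_WORDS = re.compile(r"zoom|teams|update|upgrade|installer|setup", re.IGNORECASE)

# Assumed list of directories where a downloaded or mail-delivered script lands.
USER_WRITABLE_DIRS = ("/Downloads/", "/Desktop/", "/private/tmp/", "/tmp/", "/var/folders/")

# Process image names that execute AppleScript (matched as path suffixes).
APPLESCRIPT_HOSTS = ("/Script Editor", "/osascript")

# Constructed sample files: header-only stand-ins for real compiled scripts.
SAMPLE_FILES = {
    "Zoom_Update.scpt": b"FasdUAS 1.101.10\x0e\x00\x00\x00",
    "MicrosoftTeams-Installer.scpt": b"FasdUAS 1.101.10\x0e\x00\x00\x00",
    "backup.scpt": b"FasdUAS 1.101.10\x0e\x00\x00\x00",
    "notes.txt": b"plain text, not a script",
}

# Constructed sample endpoint events in an assumed key="value" format.
SAMPLE_EVENTS = [
    'ts=2024-09-03T10:12:01Z uid=501 exec="/System/Applications/Utilities/Script Editor.app/Contents/MacOS/Script Editor" arg="/Users/alice/Downloads/Zoom_Update.scpt"',
    'ts=2024-09-03T10:12:09Z uid=501 exec="/usr/bin/osascript" arg="/private/tmp/MicrosoftTeams_Update.scpt"',
    'ts=2024-09-03T10:15:00Z uid=501 exec="/usr/bin/osascript" arg="/Library/Scripts/Folder Actions/add - new item alert.scpt"',
    'ts=2024-09-03T10:16:30Z uid=501 exec="/Applications/zoom.us.app/Contents/MacOS/zoom.us" arg=""',
]

EVENT_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def triage_file(name: str, data: bytes) -> List[str]:
    """Return the reasons a file looks like an update-themed .scpt lure (empty if none)."""
    reasons = []
    compiled = data.startswith(COMPILED_APPLESCRIPT_MAGIC)
    if compiled:
        reasons.append("compiled AppleScript header")
    # Only judge the filename if the file is, or claims to be, an AppleScript.
    if (compiled or name.lower().endswith(".scpt")) and LURE_WORDS.search(name):
        reasons.append("update/vendor lure in filename")
    return reasons


def parse_event(line: str) -> dict:
    """Split one key="value" event line into a dict, dropping the quotes."""
    return {key: value.strip('"') for key, value in EVENT_FIELD_RE.findall(line)}


def detect_event(line: str) -> Optional[str]:
    """Alert when an AppleScript host runs a .scpt from a user-writable directory."""
    event = parse_event(line)
    exe = event.get("exec", "")
    arg = event.get("arg", "")
    if not exe.endswith(APPLESCRIPT_HOSTS):
        return None
    if arg.lower().endswith(".scpt") and any(d in arg for d in USER_WRITABLE_DIRS):
        host = exe.rsplit("/", 1)[-1]
        return f"{event.get('ts', '?')} uid={event.get('uid', '?')}: {host} ran {arg}"
    return None


def scan_events(lines: List[str]) -> List[str]:
    """Run detect_event over a batch of lines and keep the alerts."""
    return [alert for alert in (detect_event(line) for line in lines) if alert]


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name}: {triage_file(name, data) or 'clean'}")
    for alert in scan_events(SAMPLE_EVENTS):
        print("ALERT", alert)
```

The file check deliberately reports a compiled script with a neutral name (`backup.scpt`) as only "compiled AppleScript header", so an analyst can separate legitimate automation from lures by the second reason; the event check ignores scripts under system paths such as `/Library/Scripts`, which is where macOS keeps its own folder-action scripts.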
