HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Reaper Malware Exploits Fake Microsoft Domain to Harvest macOS Credentials and Crypto Assets

A newly discovered macOS malware family, Reaper, leverages a counterfeit Microsoft domain to steal passwords and cryptocurrency data, bypassing Apple’s Tahoe 26.4 updates. The threat poses a high risk to organizations with macOS endpoints and highlights the need for robust phishing defenses and up‑to‑date endpoint protection.

LiveThreat™ Intelligence · 📅 May 19, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
hackread.com

Reaper Malware Exploits Fake Microsoft Domain to Harvest macOS Credentials and Crypto Assets

What Happened — Researchers identified a new macOS‑focused malware family named Reaper that leverages a counterfeit Microsoft domain to trick users into entering their credentials. The payload bypasses Apple’s Tahoe 26.4 security updates, exfiltrates passwords and cryptocurrency wallet data, and installs a persistent backdoor.

Why It Matters for TPRM

  • Credential theft on macOS endpoints can give threat actors lateral movement into vendor environments.
  • Persistent backdoors undermine the security controls many third‑party providers rely on for remote management.
  • The use of a trusted‑looking Microsoft domain increases the likelihood of successful phishing against business users.

Who Is Affected — Enterprises with macOS workstations, SaaS providers supporting macOS clients, and any organization that allows BYOD macOS devices.

Recommended Actions

  • Verify that all macOS endpoints run the latest security patches beyond Tahoe 26.4.
  • Enforce MFA for Microsoft‑related services and educate users on phishing indicators.
  • Deploy endpoint detection and response (EDR) solutions capable of detecting anomalous domain resolution and credential‑harvesting behaviors.

Technical Notes — Attack vector: phishing via a spoofed Microsoft domain; bypass technique: exploitation of a flaw in macOS’s Tahoe 26.4 update chain; data exfiltrated: saved passwords, crypto wallet seeds, and system information. Source: HackRead

📰 Original Source
https://hackread.com/reaper-malware-fake-microsoft-domain-macos-passwords/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →