Rewards Hub Security firms SlowMist and Chainbase have identified a phishing attack targeting macOS users through emails disguised as "audit/compliance confirmation" or "Token unlocking confirmation." The attackers send emails with malicious attachments featuring double extensions, such as .docx.scpt, tricking users into executing scripts. This leads to the theft of system passwords, bypassing TCC permissions, and deploying a Node.js backdoor. Security teams advise users who have opened such attachments or entered passwords to disconnect from the internet immediately and inspect their systems for breaches.
Phishing Attack Targets macOS Users with Malicious Token Vesting Emails
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.