Moonlock Lab

Lifebuoy
"Anti-Ledger" malware: The battle for Ledger Live seed phrases: Header image
“Anti-Ledger” malware: The battle for Ledger Live seed phrases
Hackers are increasingly exploiting the trust that crypto owners place in cold wallets, turning the very tools meant to secure assets into attack surfaces. The recent ByBit heist has shaken the crypto industry...
May 22, 2025
10 min read
Realtek or real threat? The macOS malware that won’t quit: Header image
Realtek or real threat? The macOS malware that won’t quit
Suspected North Korean threat actors are targeting macOS users with a recycled — but still dangerous — malware campaign. First spotted in April 2025, this campaign is a subtle evolution of the “Contagious...
May 5, 2025
9 min read
Moonlock 2024 macOS threat report (Header image)
Moonlock’s 2024 macOS threat report
For decades, Apple devices have enjoyed a reputation for being mostly malware-free. However, with a 60 percent increase in market share in the last 3 years alone, macOS has become a prime target...
Dec 3, 2024
14 min read
Kseniia Yamburh for OFTW: Confronting the surge of macOS stealers in 2024 (Header image)
Kseniia Yamburh for OFTW: Confronting the surge of macOS stealers in 2024
Historically, macOS has enjoyed a reputation for being a highly secure, almost untouchable operating system. However, over the last 3 years, macOS has seen a remarkable 60 percent increase in market share, making...
Oct 10, 2024
15 min read
macOS stealer posing as Loom is allegedly linked to the Crazy Evil group (Header image)
macOS stealer posing as Loom may be linked to Crazy Evil group
At Moonlock Lab, we’ve recently uncovered a sophisticated and alarming threat spreading through Google-sponsored URLs. The threat, a stealer malware targeting macOS, poses as the popular application Loom, a widely used screen recording...
Aug 1, 2024
5 min read
Kseniia Yamburh for RSA Webcast: State-backed APTs are a rising macOS threat (Header image)
Kseniia Yamburh for RSA Webcast: State-backed APTs are a rising macOS threat
Just over a decade ago, Apple was able to boast that Macs were “immune to viruses.” But not only are Macs susceptible to malware — advanced persistent threats (APTs) specifically targeting Mac users...
Jul 10, 2024
13 min read
Hacker deploys macOS stealer disguised as CleanMyMac crack (Header image)
Hacker deploys macOS stealer disguised as CleanMyMac crack
A new threat has emerged that is targeting macOS users. At Moonlock Lab, we discovered a malware sample that has evaded detection on VirusTotal since its first submission on May 17, 2024. Most...
Jun 4, 2024
5 min read
Pirate sites spread malware posing as CleanMyMac and Photoshop (Header image)
Pirate sites spread malware posing as CleanMyMac and Photoshop
The most important duty of cybersecurity researchers is to keep users informed about emerging threats and vulnerabilities. So today, we delve into the world of cracked software distribution and discover how threat actors...
Apr 16, 2024
5 min read
macOS stealer found camouflaged in an Apple/Bash payload (Header image)
macOS stealer found camouflaged in an Apple/Bash payload
In the ever-evolving landscape of cybersecurity threats, macOS users now face a new danger. This time, it comes in the form of a DMG trojan involving a partially obfuscated AppleScript and Bash payload...
Mar 28, 2024
4 min read
A detailed analysis of the SpectralBlur backdoor on macOS (Header image)
A detailed analysis of the SpectralBlur backdoor on macOS
Recently, we saw a suspicious file in our sandbox. After some research and analysis, we found the following post on the X social media platform. The post mentions a macOS backdoor known as...
Jan 19, 2024
3 min read