216.73.217.22

Infostealers without borders: macOS, Python stealers, and platform abuse

· Published 02/02/2026 22:44 · Modified 03/02/2026 10:50

Export JSON

Essential information

Published
02/02/2026 22:44
Modified
03/02/2026 10:50
Tags
2026-02-02 atomic macos stealer credential-theft digitstealer eternidade stealer fileless execution infostealer macos macsync platform abuse pxa stealer python social engineering
Related entities
23 observables, 17 techniques (mitre), 5 malware, 19 others

Description

threats are expanding beyond Windows, targeting and leveraging cross-platform languages like . Recent campaigns use to deploy -specific infostealers such as , , and AMOS. These stealers use and native utilities to harvest credentials and sensitive data. -based stealers are also on the rise, allowing attackers to quickly adapt and target diverse environments. Additionally, threat actors are abusing trusted platforms like WhatsApp and PDF converter tools to distribute malware such as . These evolving threats blend into legitimate ecosystems and evade conventional defenses, posing significant risks to organizations across various operating systems and delivery channels.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (23)

  • 195.24.236.116
  • 157.66.27.11
  • 217.119.139.117
  • http://concursal.macquet.de/uid_page=244739642061129
  • https://bagumedios.cloud/assets/media/others/ADN/pure
  • https://allecos.de/Documentación_del_expediente_de_derechos_de_autor_del_socio.zip
  • https://erik22jomk77.card.co
  • https://tickets.pfoten-prinz.de/uid_page=118759991475831
  • 59347a8b1841d33afdd70c443d1f3208dba47fe783d4c2015805bf5836cff315
  • 5970d564b5b2f5a4723e548374d54b8f04728473a534655e52e5decef920e733
  • 5d929876190a0bab69aea3f87988b9d73713960969b193386ff50c1b5ffeadd6
  • de07516f39845fb91d9b4f78abeb32933f39282540f8920fe6508057eedcbbea
  • 495697717be4a80c9db9fe2dbb40c57d4811ffe5ebceb9375666066b3dda73c3
  • 42d51feea16eac568989ab73906bbfdd41641ee3752596393a875f85ecf06417
  • 2c885d1709e2ebfcaa81e998d199b29e982a7559b9d72e5db0e70bf31b183a5f
  • 3bd6a6b24b41ba7f58938e6eb48345119bbaf38cd89123906869fab179f27433
  • bdd2b7236a110b04c288380ad56e8d7909411da93eed2921301206de0cb0dda1
  • a5b19195f61925ede76254aaad942e978464e93c7922ed6f064fab5aad901efc
  • 598da788600747cf3fa1f25cb4fa1e029eca1442316709c137690e645a0872bb
  • 9d867ddb54f37592fa0ba1773323e2ba563f44b894c07ebfab4d0063baa6e777
  • c72f8207ce7aebf78c5b672b65aebc6e1b09d00a85100738aabb03d95d0e6a95
  • 6168d63fad22a4e5e45547ca6116ef68bb5173e17e25fd1714f7cc1e4f7b41e1
  • 3e20ddb90291ac17cef9913edd5ba91cd95437da86e396757c9d871a82b1282a

Techniques (MITRE) (17)

Malware (5)

  • Eternidade Stealer
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 20:09 · Modified 22/12/2025 00:08
  • Atomic macOS Stealer
    Family
    Published 18/05/2026 17:52 · Modified 18/05/2026 17:52
  • Macsync
    Family
    Published 06/05/2026 19:35 · Modified 06/05/2026 19:35
  • PXA Stealer
    Family
    Published 02/02/2026 22:44 · Modified 02/02/2026 22:44
  • DigitStealer
    Family
    Published 02/02/2026 22:44 · Modified 02/02/2026 22:44

Others (19)

  • barbermoo.coupons
  • ai.foqguzz.com
  • goldenticketsshop.com
  • dynamiclake.org
  • alli-ai.pro
  • tickets.pfoten-prinz.de
  • day.foqguzz.com
  • barbermoo.xyz
  • barbermoo.space
  • barbermoo.top
  • concursal.macquet.de
  • barbermoo.fun
  • allecos.de
  • bagumedios.cloud
  • barbermoo.world
  • booksmagazinetx.com
  • barbermoo.shop
  • barbermoo.today
  • erik22jomk77.card.co

External references