PANews reported on June 9th that, according to Cryptopolitan, a new type of macOS malware called Reaper is spreading through fake download pages for apps such as WeChat and Miro. It aims to steal cryptocurrency wallet data, browser passwords, and sensitive documents. The malware uses AppleScript URLs to open the system's built-in Script Editor, and hides the malicious code behind ASCII art and spaces. After the user clicks the run button, a fake Apple security update pop-up tricks the victim into entering their computer password.
Reaper targets desktop crypto applications such as Ledger Live, Trezor Suite, and Exodus, modifying the wallet's internal code to intercept future transactions and redirect funds. It also steals stored credentials from Chrome, Firefox, and Edge, and extracts .docx, .pdf, and .wallet files from the Desktop and Documents folders. In addition, Reaper installs a backdoor disguised as a Google software update directory to maintain persistent access. Security experts advise users to verify download links, avoid entering passwords in unexpected pop-ups, and immediately close any page that asks to open a script editor.
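For defenders reviewing a suspicious download page, the delivery step described above (an AppleScript URL whose code is hidden behind spaces) can be checked statically. The following is an added example, not code from the report or from the malware: it assumes the links use the `applescript:` URL scheme with the code in a `script` query parameter, and the function name, threshold, and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs
import re

class LinkCollector(HTMLParser):
    """Collects URL-bearing attributes (href, src, action) from a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value.strip())

def scan_page(html, pad_threshold=40):
    """Report every applescript: link and whether its script looks padded."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "applescript":
            continue
        # Assumption: the code travels percent-encoded in a "script" parameter.
        script = parse_qs(parts.query).get("script", [""])[0]
        blank_lines = sum(1 for line in script.splitlines() if not line.strip())
        longest_gap = max((len(g) for g in re.findall(r"[ \t]+", script)), default=0)
        findings.append({
            "handler": parts.netloc,
            "script_chars": len(script),
            "blank_lines": blank_lines,
            "longest_gap": longest_gap,
            # Long runs of blank lines or spaces push code out of the visible window.
            "padded": blank_lines >= pad_threshold or longest_gap >= pad_threshold,
        })
    return findings

# Constructed sample page: a harmless one-line script pushed out of view by 60 newlines.
SAMPLE_PAGE = (
    '<a href="https://example.com/help">Help</a>'
    '<a href="applescript://com.apple.scripteditor?action=new&amp;script='
    + "--%20banner" + "%0A" * 60 + "display%20dialog%20%22hello%22"
    + '">Download</a>'
)

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_PAGE):
        print(finding)
```

Any hit is worth a look on a page that claims to offer an app download; the `padded` flag only ranks which links to inspect first.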




