The malware’s use of Tor and a local SOCKS5 proxy suggests a design built for both wallet theft and quieter operator tasking, a combination that complicates endpoint defense.
A macOS-targeting campaign shows how a convincing prompt can matter more than a technical exploit when attackers are trying to make the victim run the payload themselves.
A macOS infostealer called Reaper appears to lean on trusted scripting tools, turning a familiar utility into a path toward password and crypto theft.