New Wave of Odyssey Stealer Malware Targets macOS Systems

What happened

Security researchers have identified a new wave of activity involving the Odyssey stealer malware that specifically targets macOS systems to harvest credentials and exfiltrate sensitive data. The campaign delivers the malware through deceptive distribution methods, including trojanized applications and malicious installers designed to appear legitimate to macOS users. Once executed, Odyssey stealer collects credentials stored in web browsers, cryptocurrency wallets, and other applications, along with system metadata and configuration details. The malware then transmits the stolen information to attacker-controlled infrastructure for further use. Researchers noted that the latest wave includes updated evasion techniques intended to bypass macOS security controls and avoid detection, allowing the stealer to persist long enough to complete data collection and exfiltration.

Who is affected

macOS systems where the Odyssey stealer malware is downloaded and executed are affected, resulting in exposure of stored credentials, wallet data, and system information.

Why CISOs should care

macOS-targeted infostealers demonstrate growing attacker focus on non-Windows enterprise endpoints, increasing credential theft and data exposure risk in environments where macOS devices are widely used.

3 practical actions

  • Audit macOS endpoint activity. Review telemetry for suspicious installer executions and unauthorized outbound connections.
  • Harden application installation controls. Restrict execution of unverified or unsigned macOS applications.
  • Monitor credential access. Detect abnormal access to browser credential stores and wallet files on macOS devices.
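
As an illustration of the third action, the following is an added example (not from the researchers or the original article) that flags processes outside an allowlist opening browser, keychain, or wallet stores, and raises severity when one process touches several store types. The event schema, path patterns, allowlist, and sample events are all assumptions constructed for the example.

```python
import json
from collections import defaultdict
from fnmatch import fnmatchcase
# Assumed path patterns per credential-store category (not from the article).
STORES = {
    "browser": ["/Users/*/Library/Application Support/Google/Chrome/*/Login Data",
                "/Users/*/Library/Application Support/Firefox/Profiles/*/logins.json"],
    "keychain": ["/Users/*/Library/Keychains/login.keychain-db"],
    "wallet": ["/Users/*/Library/Application Support/Exodus/*"],
}
# Assumed allowlist of executables expected to open each category.
EXPECTED = {
    "browser": {"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
                "/Applications/Firefox.app/Contents/MacOS/firefox"},
    "keychain": {"/usr/sbin/securityd"},
    "wallet": {"/Applications/Exodus.app/Contents/MacOS/Exodus"},
}

def categorize(path):
    """Return the store category a file path belongs to, or None."""
    for cat, patterns in STORES.items():
        if any(fnmatchcase(path, p) for p in patterns):
            return cat
    return None

def detect(lines):
    """Flag processes outside the allowlist that open credential stores."""
    touched = defaultdict(set)  # (host, pid, exe) -> categories opened
    for line in lines:
        ev = json.loads(line)
        cat = categorize(ev["path"])
        if cat and ev["exe"] not in EXPECTED[cat]:
            touched[(ev["host"], ev["pid"], ev["exe"])].add(cat)
    # One process reading several store types is the stealer-like pattern.
    return [{"host": h, "pid": p, "exe": e, "stores": sorted(c),
             "severity": "high" if len(c) >= 2 else "medium"}
            for (h, p, e), c in sorted(touched.items())]

# Constructed sample events (hypothetical schema: host, pid, exe, path).
CHROME = "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
DROPPED = "/private/tmp/Installer.app/Contents/MacOS/Installer"
AS = "/Users/alice/Library/Application Support"
SAMPLE_EVENTS = [json.dumps({"host": "mac-01", "pid": p, "exe": e, "path": f}) for p, e, f in [
    (310, CHROME, AS + "/Google/Chrome/Default/Login Data"),
    (4242, DROPPED, AS + "/Google/Chrome/Default/Login Data"),
    (4242, DROPPED, "/Users/alice/Library/Keychains/login.keychain-db"),
    (4242, DROPPED, AS + "/Exodus/exodus.wallet/seed.seco"),
    (977, "/usr/local/bin/backup-tool", AS + "/Firefox/Profiles/x.default/logins.json"),
]]
```

Calling `detect(SAMPLE_EVENTS)` returns one medium alert for the process that read a single store and one high alert for the process that read all three; the browser opening its own store produces no alert.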

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.