
SHub Reaper and the AppleScript bypass: How macOS malware adapted around Apple's Terminal fix


In late March 2026, Apple shipped macOS Tahoe 26.4 with a specific security improvement: Terminal would now block potentially harmful commands from being pasted and executed by users who had been tricked by ClickFix-style social engineering attacks. It was a targeted mitigation against a specific class of threat.

Within weeks, a new variant of the SHub macOS infostealer family had already found a different route.

SentinelOne's research team identified the variant using the build tag "Reaper." Instead of directing users to Terminal, Reaper uses the applescript:// URL scheme to launch macOS Script Editor preloaded with a malicious AppleScript. The user does not need to paste anything. Clicking the link opens Script Editor with the payload already loaded, one click away from execution.

How Reaper works

The infection chain starts with a fake installer. Campaigns have used fake WeChat and Miro application packages hosted on typosquatted domains, including the misspelled mlcrosoft[.]co[.]com. When a user downloads and runs the installer, Reaper initiates the AppleScript URL scheme attack.

Once executed, Reaper does several things in sequence.

It steals browser credentials and stored passwords, collects document files that might contain financial data, and searches for cryptocurrency wallet applications. When it finds wallet software such as Exodus, Atomic Wallet, Ledger Live, or Trezor Suite, it retrieves a modified application core file from its command-and-control server, terminates the legitimate wallet process, and replaces the core file with the malicious version. Subsequent use of the wallet application routes transactions through attacker-controlled infrastructure.

For persistence, Reaper installs a LaunchAgent that disguises itself as a Google software update process. The agent runs every 60 seconds, sending system information to the C2 server and allowing the attacker to issue further commands.

The broader pattern

Malware evolution tends to be reactive. Defenders add a control; attackers identify which assumption the control relied on and find an alternative route that does not depend on it.

Apple's Terminal clipboard mitigation assumed that malicious execution would go through Terminal. Reaper's response was to find a different scripting surface in the same operating system: AppleScript via Script Editor. Both surfaces can execute arbitrary code; only one was protected.

This pattern repeats across every defensive measure that targets a specific execution path. The lesson for detection is that attacker behavior should be characterized at the goal level (execute arbitrary code, establish persistence, exfiltrate data) rather than the mechanism level (paste into Terminal, download file). Mechanism-level detections are valuable but have bounded durability.

What to do

Be skeptical of any software that requires opening Script Editor, pasting code, or clicking through an unusual prompt to install. Legitimate applications do not need these steps.

Review your LaunchAgents at ~/Library/LaunchAgents. Any item impersonating Google, Apple, or other vendors that you did not explicitly install should be treated as suspicious.
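The review step above can be scripted. The following is an added example (not code from the article or from SentinelOne's research) that parses every property list in a LaunchAgents directory with the standard-library `plistlib` module and flags the three traits described earlier: a label borrowing a vendor name while the program lives outside that vendor's usual install paths, a program in a temporary, cache or hidden location, and a `StartInterval` short enough to be a beacon rather than an updater. The vendor list, the expected install prefixes and the two sample agents are constructed assumptions for illustration; on a Mac, call `review_launch_agents(Path.home() / "Library/LaunchAgents")` instead of `demo()`.

```python
"""Review LaunchAgent plists for vendor impersonation and fast beaconing.

Added example; runs anywhere Python runs because plistlib is pure standard library.
Vendor names, expected prefixes and the sample agents are constructed assumptions.
"""
import plistlib
import tempfile
from pathlib import Path

# Vendors whose names a user-level agent may borrow for camouflage (assumption).
IMPERSONATED_VENDORS = ("google", "apple", "microsoft", "adobe")

# Where a genuine updater for each vendor would plausibly live. Illustrative
# prefixes only (assumption); a real allowlist comes from your own fleet inventory.
EXPECTED_PREFIXES = {
    "google": ("/Library/Google/", "/Applications/Google Chrome.app/"),
    "apple": ("/System/", "/usr/", "/Applications/"),
    "microsoft": ("/Library/Application Support/Microsoft/", "/Applications/Microsoft "),
    "adobe": ("/Library/Application Support/Adobe/", "/Applications/Adobe "),
}

# Directories where a persistence binary has no business living.
SUSPECT_LOCATIONS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Library/Caches/")

# Polling this often matches a C2 beacon rather than an updater; the article's
# sample ran every 60 seconds.
BEACON_INTERVAL_SECONDS = 60


def program_of(agent: dict) -> str:
    """Return the executable an agent launches (Program, else ProgramArguments[0])."""
    if agent.get("Program"):
        return str(agent["Program"])
    args = agent.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def assess_agent(agent: dict) -> list[str]:
    """Return human-readable findings for one parsed LaunchAgent; empty if clean."""
    findings = []
    label = str(agent.get("Label", "")).lower()
    program = program_of(agent)

    # Trait 1: vendor name in the label, but the binary is not where that vendor installs.
    claimed = next((v for v in IMPERSONATED_VENDORS if v in label), None)
    if claimed and not program.startswith(EXPECTED_PREFIXES[claimed]):
        findings.append(f"label claims {claimed} but runs {program or '<nothing>'}")

    # Trait 2: binary in a temp/cache directory or a dot-prefixed (hidden) path component.
    if any(loc in program for loc in SUSPECT_LOCATIONS) or "/." in program:
        findings.append(f"program in temporary, cache or hidden path: {program}")

    # Trait 3: very short StartInterval, consistent with check-in beaconing.
    interval = agent.get("StartInterval")
    if isinstance(interval, int) and interval <= BEACON_INTERVAL_SECONDS:
        findings.append(f"StartInterval {interval}s looks like a beacon, not an updater")

    return findings


def review_launch_agents(directory: Path) -> dict[str, list[str]]:
    """Parse every *.plist in `directory`; map file name -> findings for flagged agents."""
    report = {}
    for plist_path in sorted(directory.glob("*.plist")):
        try:
            with plist_path.open("rb") as fh:
                agent = plistlib.load(fh)
        except Exception as exc:  # malformed XML, non-plist bytes, unreadable file
            report[plist_path.name] = [f"could not parse plist: {exc}"]
            continue
        findings = assess_agent(agent)
        if findings:
            report[plist_path.name] = findings
    return report


def demo() -> dict[str, list[str]]:
    """Write two constructed agents to a temp dir and review them."""
    constructed = {
        # Constructed to match the article's description: Google-named label,
        # 60-second poll, binary hidden in a cache directory. Not a real IoC.
        "com.google.softwareupdate.agent.plist": {
            "Label": "com.google.softwareupdate.agent",
            "ProgramArguments": ["/Users/demo/Library/Caches/.gupdate", "--run"],
            "StartInterval": 60,
            "RunAtLoad": True,
        },
        # Constructed benign agent: vendor-neutral label, app bundle path, hourly run.
        "com.example.notes-sync.plist": {
            "Label": "com.example.notes-sync",
            "ProgramArguments": ["/Applications/Notes Sync.app/Contents/MacOS/sync"],
            "StartInterval": 3600,
        },
    }
    with tempfile.TemporaryDirectory() as tmp:
        agents_dir = Path(tmp)
        for name, agent in constructed.items():
            (agents_dir / name).write_bytes(plistlib.dumps(agent))
        return review_launch_agents(agents_dir)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

The checks are deliberately goal-level rather than signature-level, in line with the article's point about durability: they ask whether an agent claims an identity it cannot back up, hides its binary, or phones home at a cadence no updater needs, rather than matching one label string that the next build will change. Treat a hit as a lead for manual review, not a verdict; vendor agents that legitimately install under a user's home directory need their prefixes added to the allowlist.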

If you hold significant cryptocurrency balances, keep wallet applications air-gapped or use hardware wallets that do not depend on host-OS software.

Gigia Tsiklauri is a Security Architect and founder of Infosec.ge. Get in touch if you work in incident response or threat intelligence and want to exchange notes on macOS adversary techniques.
