Odyssey Stealer Malware Attacks macOS Users

Aug. 7, 2025, 9:45 p.m.

Description

A phishing campaign targeting macOS users employs a ClickFix technique to deliver the Odyssey Stealer malware. The attack uses a fake CAPTCHA verification page that executes without dropping a binary on the system. When users follow the instructions, they unknowingly execute a malicious AppleScript that collects sensitive data, including crypto wallet information, browser extensions, cookies, saved keychains, usernames, and passwords. The script creates a ZIP archive of the stolen data and exfiltrates it to a command and control server. This sophisticated attack blends phishing and social engineering to bypass traditional detection methods, making it challenging to detect and analyze.

External References

https://www.forcepoint.com/blog/x-labs/odyssey-stealer-attacks-macos-users
https://otx.alienvault.com/pulse/68951749fda95619a21de94a
Tags
phishing
macos
credential theft
clickfix
applescript
odyssey stealer
2025-08-07
crypto wallet

Date

  • Created: Aug. 7, 2025, 9:14 p.m.
  • Published: Aug. 7, 2025, 9:14 p.m.
  • Modified: Aug. 7, 2025, 9:45 p.m.

Indicators

  • 45.46.130.131
  • 45.146.130.131
  • tradingviewen.com
Download all indicators here!