Thursday 28 August 2025
What’s going on?
A new malicious program has been discovered, called Shamos, which is specifically designed to steal data from Mac computers. It targets users with so-called “Mac fixes” that are fake.
How does it work?
Users of Apple’s macOS are misled via advertisements or fake GitHub pages. There, they are asked to copy and run a command in the Terminal. They believe they are fixing a problem, but instead, they install the Shamos malware program.
What does Shamos do?
Once active, it collects sensitive information such as passwords, browser data, Keychain items, Apple Notes, and even crypto wallets. This data is then packaged and sent to the criminals.
How can you stay safe?
- Never run Terminal commands you don’t understand, especially from unknown websites or GitHub pages.
- If you encounter issues, contact the LISA Service Desk or official Apple support channels.
- Have your Mac managed by LISA so the system is monitored and trusted antivirus software is installed.
- On your personal device, consider using reputable antivirus software with privacy protection.
