The malware Reaper steals encrypted wallet data by hijacking the macOS script editor.

CoinFeed reported on June 9th that, according to Cryptopolitan, a new type of macOS malware called Reaper is spreading through fake download pages for apps like WeChat and Miro, targeting the theft of cryptocurrency wallet data, browser passwords, and sensitive documents. This malware uses AppleScript URLs to trigger the system's built-in script editor, hiding malicious code with ASCII art and spaces. After clicking the run button, a fake Apple security update pop-up tricks the victim into entering their computer password. Reaper targets desktop encryption applications such as Ledger Live, Trezor Suite, and Exodus, modifying the wallet's internal code to intercept future transactions and redirect funds.