New Odyssey Stealer Wave Actively Targets macOS Users

Odyssey Stealer, a sophisticated and aggressive malware campaign, has recently intensified its active targeting of macOS systems.

This fresh wave of cyber threats has caught the attention of security experts due to its rapid spread and enhanced stealth capabilities.

Unlike previous iterations, this campaign demonstrates a highly coordinated effort to compromise Apple computers worldwide, systematically stealing sensitive user data such as cryptocurrency wallets, login credentials, and personal documents.

The malware typically infects systems through deceptive means, often disguised as legitimate software updates, fake applications, or cracked tools found on dubious websites.

Once inside, it quietly harvests critical information from web browsers like Chrome and Safari, as well as the macOS Keychain.

The impact is severe, ranging from immediate financial loss due to drained crypto accounts to long-term identity theft.

The attackers leverage these advanced techniques to ensure the malware remains undetected while it sends valuable data to remote servers.

Moonlock Lab analysts identified this escalating threat, noting a significant spike in activity over the past few days.

Initially, the telemetry data indicated infections were primarily spreading across the United States, France, and Spain.

However, the picture clearly changed within just twenty-four hours as the campaign aggressively expanded its reach.

The infection vectors have now appeared in the United Kingdom, Germany, Italy, Canada, Brazil, India, and multiple nations across Africa and Asia.

Two map screenshots, taken only one day apart, highlight a rapidly expanding geographic footprint that underscores the viral nature of this specific attack wave.

Advanced Evasion Through Polymorphism

The most alarming aspect of this new Odyssey Stealer campaign is its ability to evade traditional security defenses through automation.

The malware samples analyzed in this wave appear to be auto-generated, a technique that creates a unique digital fingerprint, or hash, for every single infection instance.

While the file size and malicious functionality remain identical, this “polymorphism” ensures that no two files look the same to antivirus scanners relying on static signatures.

By constantly altering its code structure, the malware renders standard blocklists ineffective. Security teams have observed numerous unique SHA256 hashes associated with this single campaign, complicating mitigation efforts.

This level of sophistication suggests the attackers are using automated “builders” to mass-produce undetectable variants, allowing the threat to slip past defenses that would typically catch older, static versions of the stealer. Users must remain vigilant against this evolving danger.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.