AppleScript - Tool

Threat entity extracted from intelligence sources

Frequency
13
occurrences
First Seen
November 12, 2025
Last Seen
July 3, 2026

AppleScript is a tool tracked across 11 threat clusters and 13 intelligence report mentions on ThreatCluster. First observed November 12, 2025; most recent activity July 3, 2026.

Overview

AppleScript is a macOS automation scripting language that enables control of scriptable apps and system actions. While legitimate for task automation, it is increasingly misused by attackers to automate malware delivery and to disguise payloads as legitimate software updates, making it a notable macOS attack vector.

Related Threat Clusters

  • North Korean Sapphire Sleet Targets macOS Users in New Social Engineering Campaign

    A North Korean cybercrime group known as Sapphire Sleet has launched a social engineering campaign targeting macOS users, as reported by Microsoft's Threat Intelligence unit. The campaign involves tricking users into…

    7 articles · Updated April 17, 2026
  • Mini Shai-Hulud Supply Chain Attack Targets SAP npm Packages

    A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…

    685 articles · Updated April 29, 2026
  • PHANTOMPULSE Malware Campaign Exploits Obsidian for Targeted Attacks

    A sophisticated social engineering campaign has been uncovered, targeting individuals in the financial and cryptocurrency sectors through the Obsidian note-taking application. The attackers, posing as representatives of…

    9 articles · Updated April 14, 2026
  • PamStealer: New macOS Infostealer Targets Users via Fake Maccy Manager

    PamStealer is a newly identified macOS infostealer that masquerades as the legitimate Maccy clipboard manager. The malware employs a two-stage attack method, starting with a malicious AppleScript that downloads a…

    55 articles · Updated July 3, 2026
  • AppleScript-Driven macOS Intrusions Exploiting User Deception

    Darktrace's Threat Research team identified a pattern of macOS intrusions leveraging ClickFix-style user deception. Attackers initiated the compromise through user-assisted execution of malicious updates, transitioning…

    2 articles · Updated June 24, 2026
  • Infostealer Campaigns Expand to Target macOS Systems

    Infostealer threats have shifted from primarily targeting Windows to macOS environments, as reported by the Microsoft Defender Security Research Team. Since late 2025, these campaigns have utilized cross-platform…

    13 articles · Updated February 4, 2026
  • North Korean Hackers Use AI Deepfakes in Crypto Attacks

    Google's Mandiant security team reported that North Korean hackers, identified as UNC1069 or 'CryptoCore', are employing AI-generated deepfakes in fraudulent video meetings to target cryptocurrency companies. The…

    20 articles · Updated February 10, 2026
  • AI-Generated React2Shell Malware Discovered by Researchers

    Researchers from Darktrace identified a new malware sample named React2Shell, created using AI and large language models (LLMs). This malware exploits a known vulnerability, allowing less skilled hackers to generate…

    6 articles · Updated February 12, 2026
  • AppleScript Exploited for Malware Distribution on macOS

    Hackers are using AppleScript files to deliver malware disguised as legitimate software updates for Zoom, Microsoft Teams, and Chrome on macOS. This method has emerged as a new attack vector following Apple's removal of…

    1 article · Updated November 12, 2025
  • Google Launches Private AI Compute for Enhanced Data Privacy

    Google has launched Private AI Compute, a technology designed to enhance privacy in cloud AI processing. This solution allows for advanced AI capabilities while ensuring that user data remains secure and private,…

    2 articles · Updated November 13, 2025

Recent Intelligence Reports

  • PamStealer is a new type of of macOS malware — Feeds.4Sysops · July 3, 2026
  • New Mac infostealer confirms stolen passwords before stealing data — Appleinsider · July 2, 2026
  • From Click to Command: Behavioral Detection of AppleScript — Darktrace · June 24, 2026
  • From Click to Command: Behavioral Detection of AppleScript — Darktrace · June 24, 2026
  • North Korean social engineering campaign targets macOS users — Computerweekly · April 17, 2026
  • PhantomPulse RAT via Malicious Obsidian Vaults — Socprime · April 14, 2026
  • Axios Supply Chain Attack Exposes Developers to Hidden Malware — Thecyberexpress · March 31, 2026
  • North Korean hackers use new macOS malware in crypto — Bleepingcomputer · February 10, 2026

CVSS v3.1 Breakdown