Since Apple removed the popular “right-click and open” Gatekeeper override in August 2024, threat actors have shifted their tactics to deliver malware on macOS.
Among emerging techniques, attackers are increasingly leveraging AppleScript (.scpt) files to bypass security controls and distribute credential stealers, often disguised as legitimate software updates from popular applications such as Zoom and Microsoft Teams.
Apple’s removal of the Gatekeeper override eliminated one of the most effective infection vectors for macOS malware.
https://gbhackers.com/macos-malware-3/