AppleScript Abuse: Unpacking a macOS Phishing Campaign
Pulse by PetrP.73 (TLP: WHITE), created 2026-02-07, modified 2026-03-09. 25 IOCs, medium volume.
A recent malware campaign targeting macOS users relies on social engineering and abuse of the macOS Transparency, Consent, and Control (TCC) framework. The attack begins with a phishing email that lures the victim into downloading an AppleScript file disguised as a Microsoft Word document, named "Confirmation_Token_Vesting.docx.scpt"; the double extension exploits the victim's trust so that they open and run the script. The script acts as a loader and sidesteps conventional security controls by manipulating TCC authorizations, which lets the threat actor gain persistent access to the compromised environment without exploiting any software vulnerability. The campaign illustrates how social engineering combined with trusted user-facing consent mechanisms can yield unauthorized access.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: none listed
Tags: JavaScript, Darktrace, Darktrace Identifies, Cobalt Strike, Windows, Phishing, Tara Gould, SnappyBee
Indicators of Compromise (6 / 25 total)