PULSE NAME
Fake CleanMyMac Site Spreads SHub Stealer Targeting Crypto Wallets
WHITE cryptocti 2026-03-10 Modified: 2026-03-10
3 IOCs, LOW VOLUME
Threat actors were observed targeting cryptocurrency wallets through a fake CleanMyMac website distributing SHub Stealer malware. The campaign uses a phishing technique that prompts users to paste a command into the Terminal, which initiates the malware. Once executed, the malware steals browser data such as saved passwords, cookies and autofill information, and also targets cryptocurrency wallet data.
Indicators of Compromise (3)
TYPE    INDICATOR           DESCRIPTION  CREATED
domain  cleanmymacos.org                 2026-03-10
domain  res2erch-sl0ut.com               2026-03-10
domain  wallets-gate.io                  2026-03-10