PULSE NAME
“Say My Name”: How MioLab is building MacOS Stealer Empire
WHITE MioLab AlienVault 2026-04-30 Modified: 2026-05-04
MioLab, also known as Nova, is a sophisticated Malware-as-a-Service platform targeting macOS environments, heavily advertised on Russian-speaking underground forums. The platform features extensive data exfiltration capabilities, including browser credential theft, cryptocurrency wallet targeting (supporting over 200 browser extensions and 50+ desktop wallets), and a premium module specifically designed to compromise Ledger and Trezor hardware wallets by intercepting 24-word BIP39 recovery seed phrases. The lightweight C-based payload supports both Intel and Apple Silicon architectures across macOS versions from Sierra to Tahoe. MioLab employs sophisticated social engineering through customizable DMG builders with live preview features, fake system prompts, and ClickFix integration. Recent updates demonstrate rapid development, including Safari cookie grabbing, automated Apple Notes decryption, and universal hardware wallet modules. The operation utilizes bulletproof hosting services and shares infrastruct...
Indicators of Compromise (85)