GhostClaw turns GitHub habits into a macOS malware pipeline‎

GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine install habits make running malware feel completely normal.GhostClaw is spreading across GitHubJamf researchers tracked the campaign's shift from npm packages to GitHub repositories and AI-assisted development environments. The payload, a macOS infostealer, blends into expected behavior rather than exploiting software.Developers regularly pull code from GitHub, follow README instructions, and run install commands without much hesitation. Familiar patterns build trust, and GhostClaw slips directly into that routine. Continue Reading on AppleInsider | Discuss on our Forums