EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

New malware campaigns target Linux, Windows, and macOS with advanced stealth and infostealing tactics

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-06 09:48 UTCUpdated 2026-05-06 15:20 UTC
rss
malwareinfostealerlinuxwindowsmacosremote_access_trojan
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (4)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Microsoft Security Blog · News · microsoft.com · 2026-05-06 15:20 UTC
Attackers adopt JavaScript runtime Bun to spread NWHStealer
Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-05-06 12:50 UTC
New malware turns Linux systems into P2P attack networks
CSO Online · News · csoonline.com · 2026-05-06 11:41 UTC
View all evidence
Overview

Recent cybersecurity research reveals multiple sophisticated malware campaigns targeting diverse platforms.

Entities
Trend MicroMicrosoftQuasar Linux RATNWHStealerClickFix campaignMacsyncShub StealerAMOS
Score total
1.36
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
  • Recent disclosures highlight evolving malware tradecraft across multiple operating systems.
  • Attackers are adopting novel technologies like Bun to enhance malware distribution stealth.
  • MacOS infostealer campaigns are shifting tactics to exploit user trust in utility software.
Why it matters
  • Quasar Linux RAT’s P2P architecture complicates detection and takedown efforts on Linux systems.
  • Use of legitimate platforms and new runtimes like Bun helps malware evade traditional detection on Windows.
  • ClickFix campaign’s trojanized wallets increase risk for macOS users handling cryptocurrencies.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • Quasar Linux RAT uses a peer-to-peer mesh network to create resilient Linux infection networks with rootkit and backdoor capabilities
  • Attackers use the JavaScript runtime Bun to distribute the Rust-based NWHStealer infostealer on Windows
  • ClickFix campaign on macOS uses fake utility installers to deliver infostealers that steal sensitive data and replace cryptocurrency wallets with trojanized versions
How sources frame it
  • Trend Micro Researchers: neutral
  • Malwarebytes Threat Analysis: neutral
  • Microsoft Defender Security Research Team: neutral
All evidence
All evidence
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Microsoft Security Blog · microsoft.com · 2026-05-06 15:20 UTC
Attackers adopt JavaScript runtime Bun to spread NWHStealer
Malwarebytes Threat Analysis · malwarebytes.com · 2026-05-06 12:50 UTC
New malware turns Linux systems into P2P attack networks
CSO Online · csoonline.com · 2026-05-06 11:41 UTC
Sophisticated Quasar Linux RAT Targets Software Developers
SecurityWeek · securityweek.com · 2026-05-06 09:48 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
  • Microsoft Security Blog (1)
  • Malwarebytes Threat Analysis (1)
  • CSO Online (1)
  • SecurityWeek (1)
Top origin domains (this list)
  • microsoft.com (1)
  • malwarebytes.com (1)
  • csoonline.com (1)
  • securityweek.com (1)