{"id":133730,"date":"2025-11-19T13:14:34","date_gmt":"2025-11-19T13:14:34","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=133730"},"modified":"2025-11-19T13:14:41","modified_gmt":"2025-11-19T13:14:41","slug":"new-nova-stealer-attacking-macos-users","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/","title":{"rendered":"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data"},"content":{"rendered":"\n

A new malware campaign targeting macOS users has emerged with a dangerous focus on cryptocurrency wallet theft.<\/p>\n\n\n\n

The malware, called Nova Stealer, uses a clever approach to trick victims by replacing genuine cryptocurrency applications with fake versions that steal wallet recovery phrases.<\/p>\n\n\n\n

This bash-based stealer has been identified attacking users of popular cryptocurrency wallets, including Ledger Live, Trezor Suite, and Exodus.<\/p>\n\n\n\n

The attack starts when an unknown dropper downloads and runs a script called mdriversinstall.sh<\/code> from the command-and-control server at hxxps:\/\/ovalresponsibility[.]com\/mdriversinstall[.]sh<\/code>.<\/p>\n\n\n\n

This initial script creates a hidden directory at ~\/.mdrivers<\/code> and installs several component,s including a script manager and launcher.<\/p>\n\n\n\n

The malware generates a unique user ID using the uuidgen<\/code> command and stores it in ~\/.mdrivers\/user_id.txt<\/code> to track infected systems.<\/p>\n\n\n\n

BruceKetta.space security researchers identified<\/a> the Nova Stealer campaign and noted its modular design. The malware uses an orchestrator script called mdriversmngr.sh<\/code> that downloads additional modules from the command-and-control server.<\/p>\n\n\n\n

These modules come encoded in base64 format and are stored under ~\/.mdrivers\/scripts<\/code>. The malware achieves persistence by creating a LaunchAgent plist file labeled application.com.artificialintelligence<\/code> that ensures the scripts run automatically at every system startup.<\/p>\n\n\n\n

One particularly interesting technique used by Nova Stealer<\/a> is running scripts inside detached screen sessions using the command screen -dmS <name> <path><\/code>.<\/p>\n\n\n\n

This approach keeps the malicious processes running independently in the background, hidden from the user’s view. The processes even survive when users log out because they run as daemon sessions with the -dmS<\/code> flag.<\/p>\n\n\n\n

Application Swapping and Seed Phrase Theft<\/strong><\/h2>\n\n\n\n

Nova Stealer’s most dangerous capability involves swapping legitimate cryptocurrency wallet<\/a> applications with fake versions.<\/p>\n\n\n\n

The malware component mdriversswaps.sh<\/code> detects if Ledger Live or Trezor Suite are installed on the system by checking paths in \/Applications\/<\/code>.<\/p>\n\n\n\n

When found, the script removes the original applications using rm -rf<\/code> and deletes their Launchpad database entries through SQLite commands like DELETE FROM apps\/items where title or ids match<\/code>.<\/p>\n\n\n

\n
\"Nova
Nova (Source – BruceKetta.space)<\/figcaption><\/figure><\/div>\n\n\n

The malware then downloads malicious replacement applications from specific domains, including hxxps:\/\/wheelchairmoments[.]com<\/code> for fake Ledger Live and hxxps:\/\/sunrisefootball[.]com<\/code> for fake Trezor Suite.<\/p>\n\n\n\n

These ZIP archives are saved to ~\/Library\/LaunchAgents\/<\/code> and extracted to replace the original applications. The malware modifies the Dock configuration using \/usr\/libexec\/PlistBuddy<\/code> to delete the old app entry and add a new one pointing to the fake application.<\/p>\n\n\n\n

The fake wallet applications use Swift and WebKit to render phishing pages that look legitimate. When victims open what they believe is their wallet application, they see a recovery interface asking them to enter their seed phrases.<\/p>\n\n\n\n

The malicious JavaScript code<\/a> includes validation against BIP-39 and SLIP-39 word lists to provide auto-complete functionality, making the fake interface feel authentic.<\/p>\n\n\n\n

\"Fake
Fake app execution (Source – BruceKetta.space)<\/figcaption><\/figure>\n\n\n\n

As users type their recovery words, the data is sent to endpoints \/seed<\/code> and \/seed2<\/code> with a 200-400ms delay after each keystroke, allowing attackers to capture partial phrases in real-time without waiting for final submission.<\/p>\n\n\n\n

Nova Stealer also runs dedicated exfiltration modules. The mdriversfiles.sh<\/code> component searches for and steals wallet files, including Trezor IndexedDB logs, Exodus files like passphrase.json<\/code> and seed.seco<\/code>, and Ledger’s app.json<\/code>.<\/p>\n\n\n\n

These files are uploaded to the command-and-control server every 20 hours using binary POST requests. Additionally, mdriversmetrics.sh<\/code> collects system information, including installed applications, running processes, and Dock items, to help attackers profile victims and improve their campaigns.<\/p>\n\n\n\n

Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in\u00a0Google<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

A new malware campaign targeting macOS users has emerged with a dangerous focus on cryptocurrency wallet theft. The malware, called Nova Stealer, uses a clever approach to trick victims by replacing genuine cryptocurrency applications with fake versions that steal wallet recovery phrases. This bash-based stealer has been identified attacking users of popular cryptocurrency wallets, including […]<\/p>\n","protected":false},"author":6,"featured_media":133793,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-133730","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"\nNew Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data<\/title>\n<meta name=\"description\" content=\"Nova Stealer targets macOS users by swapping real crypto apps with fake ones to steal wallet phrases, hitting Ledger, Trezor, and Exodus.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data\" \/>\n<meta property=\"og:description\" content=\"Nova Stealer targets macOS users by swapping real crypto apps with fake ones to steal wallet phrases, hitting Ledger, Trezor, and Exodus.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-19T13:14:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-19T13:14:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data","description":"Nova Stealer targets macOS users by swapping real crypto apps with fake ones to steal wallet phrases, hitting Ledger, Trezor, and Exodus.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/","og_locale":"en_US","og_type":"article","og_title":"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data","og_description":"Nova Stealer targets macOS users by swapping real crypto apps with fake ones to steal wallet phrases, hitting Ledger, Trezor, and Exodus.","og_url":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-19T13:14:34+00:00","article_modified_time":"2025-11-19T13:14:41+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data","datePublished":"2025-11-19T13:14:34+00:00","dateModified":"2025-11-19T13:14:41+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/"},"wordCount":546,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/","url":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/","name":"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-19T13:14:34+00:00","dateModified":"2025-11-19T13:14:41+00:00","description":"Nova Stealer targets macOS users by swapping real crypto apps with fake ones to steal wallet phrases, hitting Ledger, Trezor, and Exodus.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#primaryimage","url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/new-nova-stealer-attacking-macos-users\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhy47bkWSpunhx2H3Yc68U8Jqs3K86iyKgTUHZqgNDhfMyI_cA9af_M-9rHhkQnaDF3akvxM9dDB0nO9MIGUDsuuH9F7oJQU_Lhqlo3Ol8SMEAZzax2YMbACTJOp4PZVirom4Ay25jQtax_stnnZhrY-TCmQr3gvQ1h47qhTwndKGVEx5BClpID5JiZmw0\/s16000\/New%20Nova%20Stealer%20Attacking%20macOS%20Users%20by%20Swapping%20Legitimate%20Apps%20to%20Steal%20Cryptocurrency%20Wallet%20Data.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=133730"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133730\/revisions"}],"predecessor-version":[{"id":133792,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133730\/revisions\/133792"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/133793"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=133730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=133730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=133730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}