Microsoft discovers attackers using fake guides to steal encrypted wallets
According to Cryptopolitan, Microsoft's security research team has found that, since the end of 2025, attackers have been using fake macOS troubleshooting guides to trick users into running malicious commands in order to steal encrypted wallets, iCloud data, and browser passwords. The guides are published on platforms such as Medium, Craft, and Squarespace and use common issues, such as freeing disk space or fixing system errors, as a pretext to get users to copy and execute the malicious commands, which bypasses macOS Gatekeeper security mechanisms.