The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

DigitStealer macOS Infostealer

Dec 1, 2025 1:47:01 PM / by The Hivemind / posted in Threat Bulletin, cryptocurrency stealers, DigitStealer, Ledger Live tampering, macOS security bypass, LaunchAgent persistence, anti-VM checks, macOS infostealer, JXA malware, Apple Silicon evasion


Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None

Executive Summary

DigitStealer is a highly evasive macOS information stealer that executes almost entirely in memory, leverages JavaScript for Automation (JXA) and AppleScript, and employs novel hardware-based anti-analysis checks targeting Apple Silicon M2 and newer devices. The campaign demonstrates increasing adversary sophistication through multi-stage payload delivery and abuse of legitimate infrastructure.
