Fake Microsoft Teams download page used to spread Odyssey macOS stealer malware

Cybercriminals have launched a new campaign targeting macOS users by impersonating Microsoft Teams via the fake domain teamsonsoft[.]com. When users attempt to download Teams, they’re tricked into running a command that installs the Odyssey stealer malware.


Odyssey steals sensitive data including system info, Chrome keychain credentials, browser cookies, and cryptocurrency wallet details from platforms like MetaMask, Ledger Live, and Trezor Suite. It uses social engineering to gain elevated privileges and replaces legitimate apps with trojanized versions to intercept crypto transactions.


The malware maintains persistence through LaunchDaemons and downloads additional payloads from its command-and-control server. After exfiltrating stolen data, it deletes traces to evade detection.
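For defenders, the LaunchDaemons persistence described above can be hunted by auditing the job definitions in `/Library/LaunchDaemons`. The following is an added example, not taken from the original report: the review heuristics (interpreter as the program, user-writable or hidden paths, automatic start) and the sample labels and paths are assumptions for illustration, not published Odyssey indicators.

```python
import plistlib
from pathlib import Path

# Review heuristics assumed for this example; not published Odyssey indicators.
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "curl"}
WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/")

def audit_daemon(plist_bytes):
    """Return the reasons a LaunchDaemon job definition deserves manual review."""
    job = plistlib.loads(plist_bytes)
    args = [str(a) for a in job.get("ProgramArguments") or []]
    if job.get("Program"):
        args.insert(0, str(job["Program"]))
    if not args:
        return ["no Program or ProgramArguments"]
    reasons = []
    if args[0].rsplit("/", 1)[-1] in INTERPRETERS:
        reasons.append("runs interpreter " + args[0])
    for arg in args:
        if arg.startswith(WRITABLE):
            reasons.append("references user-writable path " + arg)
        if "/" in arg and arg.rsplit("/", 1)[-1].startswith("."):
            reasons.append("references hidden file " + arg)
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically (RunAtLoad/KeepAlive)")
    return reasons

def audit_directory(directory="/Library/LaunchDaemons"):
    """Audit every plist in a directory; returns {filename: reasons} for flagged jobs."""
    flagged = {}
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            reasons = audit_daemon(path.read_bytes())
        except Exception as exc:  # a malformed job file is itself worth a look
            reasons = ["unparseable plist: " + type(exc).__name__]
        if reasons:
            flagged[path.name] = reasons
    return flagged

# Constructed sample jobs (labels and paths are made up for the example).
BENIGN = plistlib.dumps({"Label": "com.example.updater",
    "ProgramArguments": ["/Library/PrivilegedHelperTools/com.example.updater"],
    "RunAtLoad": True})
SUSPICIOUS = plistlib.dumps({"Label": "com.example.helper",
    "ProgramArguments": ["/bin/bash", "/Users/Shared/.helper.sh"],
    "RunAtLoad": True, "KeepAlive": True})

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, audit_daemon(blob))
```

A flagged job is a lead for manual review rather than a verdict; legitimate software occasionally matches these patterns, so compare hits against a known-good baseline for the fleet.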

This sophisticated attack highlights the growing threat to macOS users via trusted brand impersonation. Users should only download software from official sites and avoid running unknown commands. Organizations must deploy advanced endpoint security to detect such threats.

