Two newly discovered macOS threats are designed to harvest developer credentials and cloud access as attackers focus on long-term persistence and avoid fast, visible attacks. The Mosyle security research team unveiled their discovery of "Phoenix Worm" and "ShadeStager" on April 22. These two are previously unknown malware that went undetected by antivirus engines at the time of their discovery. While the lack of detection sounds concerning, it's important to remember that new malware often begins with limited or no antivirus coverage before signatures catch up. Together, Phoenix Worm and ShadeStager outline a full attack path that moves from initial system access to deep credential harvesting. One establishes a foothold while the other extracts valuable data once access is in place. How Phoenix Worm malware and ShadeStager work Phoenix Worm operates as a stager built to establish persistence without drawing attention.…