

2026-05-08: macOS Shub Stealer infection

DEV Community·Mark0·22 days ago


This technical analysis outlines a macOS Shub Stealer infection occurring on May 8, 2026. The compromise follows a social engineering path where a Google search leads users to a malicious Google Drive document, which then redirects to a fraudulent "Download for macOS" landing page. The victim is then prompted to manually execute a script via their terminal, initiating the malware's deployment.

The report highlights key forensic artifacts, including specific log files generated during the infection and network traffic captured in Wireshark. For deep-dive investigation, the author has provided associated IOCs, packet captures (pcap), and the malware samples themselves, allowing analysts to examine the exfiltration methods used by this infostealer.

