After exclusively sharing details with 9to5Mac last September on ModStealer , a cross-platform infostealer invisible to every major antivirus engine at the time, Mosyle , a leader in Apple device management and security, is back with two more macOS threats that are flying completely under the radar. In new details again shared with 9to5Mac , the Mosyle Security Research Team says it has identified two previously undetected samples: Phoenix Worm, a cross-platform stager, and ShadeStager, a modular macOS implant built for credential theft. The two aren’t directly connected in how they work, but together show just how sophisticated Mac malware is getting. The timing here tracks with what the rest of the industry has been seeing. As I previously reported , infostealers and trojans like Atomic Stealer have been the dominant malware story on Mac for the past year, with attackers shifting away from noisy smash and grab attacks toward persistence. Phoenix Worm and ShadeStager are exactly that.…