How RISX works

We index publicly reported online financial fraud from Indian national media, regulator advisories, and official channels.
Each alert is structured into plain-language intelligence — what happened, who was affected, risk indicators, and source links when available.
Check clues, explore patterns and geography, and review trends — research, analytics, and education in one public platform.

Our methodology & sources · Public risk intelligence from open reporting — not a bank helpline or real-time blocklist.

Already lost money or shared OTP? Call within 24 hours so the bank can try to freeze the money.

Call 1930 Safety guide

Email a source

macOS Faces Rising Threat As Attackers Weaponize AppleScript Files | Fraud Alert | RISX by Kncok

macOS Faces Rising Threat As Attackers Weaponize AppleScript Files

Source linkedAuthentic

Source: The 420

This page summarises the reported incident in plain language — what happened, who may be affected, and what to watch for before trusting a message, call, or link.

This is a summary of a reported incident, not a verdict. Read the disclaimer.

Read original report

The 420

If this just happened to you

Do these steps in order. Speed matters.

Stop the call or chat. Do not click more links or send money.
Call your bank's official helpline (on your card or the bank website) and ask to block cards and freeze transfers.
Call 1930 within 24 hours and file a complaint at cybercrime.gov.in.
Save evidence — screenshots, numbers, links, and messages.

More reporting channels and helplines are below. Full reporting channels & helplines →

What happened

Security researchers have identified a concerning shift in macOS threats as criminals repurpose AppleScript (.scpt) files to deliver malware. These files mimic everyday documents or updates, using cus...

Where this report came from

RISX summarises public reporting into plain language. Always check the original — wording and dates may change after publication.

Last updated from feed: 13 November 2025 at 05:00 am

The 420
https://the420.in/macos-applescript-scpt-malware-disguised-documents-fake-installers-threat/

Report details

Published on

13 November 2025 at 05:00 am

Reported by

The 420

Reported

fake app

Common scam keywords

Words and phrases scammers use in this kind of scam. If you see them in a message, treat it as a .

applescript malwaredisguised documentsfake installersscpt file abusecustom icon spoofingscript editor exploitationzoom update scammicrosoft teams update scamcredential stealerdocument impersonation

Topics

social engineering phishing malware macos targeting document impersonation zero detection rate credential theft cybersecurity threat

(numbers, IDs, links, domains)

Specific things tied to this scam. Tap any item to see other alerts where it appears.

Apeiron_Token_Transfer_Proposal.docx.scpt Stable1_Investment_Proposal.pptx.scpt Zoom_SDK_Update.scpt MSTeamsUpdate.scpt InstallSoftZone.scpt 888.scpt MacSync (malware family)Odyssey Stealer (malware family)

What to do for this type of scam

Use this if you got similar messages or may have already lost money. Check red flags first, then first-hour steps.

Red flags for this scam type
If affected — first steps
Official reporting channels & helplines

Red flags this scam usually shows

If a message, call, or page involves any of these, treat it as suspicious — even if it looks like the alert above.

Pushes you to act in a hurry
Real organizations give you time. Threats like 'your account will be closed in 30 minutes' are designed to panic you into mistakes.
Asks for OTP, PIN, CVV, or password
Banks, UPI apps, government offices, and police never ask for these. Anyone asking is trying to steal your money.
Sends you a link or APK to install
Tapping unknown links or installing unverified apps can give scammers full access to your phone and bank accounts.
Asks for an advance, processing fee, or 'refund tax'
Real refunds, prizes, jobs, or loans never require you to pay first. If you must pay to receive something, it is a scam.
Offer sounds too good to be true
Huge cashback, guaranteed jobs, lottery wins, or sky-high returns are classic bait. If it feels unreal, it is.

Time-sensitive

If you were affected by this scam

First-hour steps — the crisis box above covers the emergency call to 1930.

Stop the call or chat right now
Hang up, leave the chat, and do not click any more links. Every extra minute is more risk. Take a breath; you are not alone in this.
Block your card and freeze the account
Call your bank's official helpline (printed on the back of your card or on the bank's website) and ask them to block the card and temporarily freeze online transactions. Do not call numbers a stranger gave you.
Change passwords and revoke device access
Change passwords for net banking, UPI apps, and email. In your UPI app, remove any 'linked devices' you do not recognize. Turn on two-factor authentication where possible.
Report to the National Cyber Crime Helpline within 24 hours
Call 1930 or file a complaint at cybercrime.gov.in. Reporting within the first 24 hours gives the best chance of freezing the money before it moves.
Open cybercrime.gov.in

Official reporting channels

Use one of these official channels. Official bodies handle recovery — report as early as you can.

National Cyber Crime Helpline
Start here
First call for any online financial fraud. Operators help you file a complaint and can request banks to freeze the recipient account.
Call 1930 Open website24x7
cybercrime.gov.in
Official portal of the Government of India to report cyber crime, including financial fraud, social media misuse, and crimes against women and children.
Open websiteOnline, anytime
Sanchar Saathi - Chakshu
Report suspicious calls and SMS that look like fraud. Run by the Department of Telecommunications.
Open websiteOnline, anytime

Official channels only. RISX is independent and does not receive payment for these listings.

Share a fraud warning

Forward a concise, factual warning. Colleagues and family who do not follow fraud news still need plain context.

Ready to send

Takes about 30 seconds

Scam alert: AppleScript Malware Disguised as Documents Security researchers have identified a concerning shift in macOS threats as criminals repurpose AppleScript (.scpt) files to deliver malware. What to do: • Never share OTP, PIN, or passwords with anyone. • Do not click unknown links or install apps a stranger asks you to. • If you think you’ve been targeted, call 1930 within 24 hours. More details and how to protect yourself: https://risx.kncok.com/alerts/691a246496cb378c1fc386b6

Share on WhatsApp

This alert summarises a publicly reported incident — it is not a verdict. If something here is wrong, outdated, or unfair, report an error or request removal. See our Grievance Redressal process.

Methodology & sourcesWhere alerts come from, how we source and structure them, and what we do not claim.Read

macOS Faces Rising Threat As Attackers Weaponize AppleScript Files

Source linkedAuthentic

Source: The 420

This page summarises the reported incident in plain language — what happened, who may be affected, and what to watch for before trusting a message, call, or link.

This is a summary of a reported incident, not a verdict. Read the disclaimer.

Read original report

The 420

If this just happened to you

Do these steps in order. Speed matters.

Stop the call or chat. Do not click more links or send money.
Call your bank's official helpline (on your card or the bank website) and ask to block cards and freeze transfers.
Call 1930 within 24 hours and file a complaint at cybercrime.gov.in.
Save evidence — screenshots, numbers, links, and messages.

More reporting channels and helplines are below. Full reporting channels & helplines →

What happened

Where this report came from

RISX summarises public reporting into plain language. Always check the original — wording and dates may change after publication.

Last updated from feed: 13 November 2025 at 05:00 am

The 420
https://the420.in/macos-applescript-scpt-malware-disguised-documents-fake-installers-threat/

Report details

Published on

13 November 2025 at 05:00 am

Reported by

The 420

Reported

fake app

Common scam keywords

Words and phrases scammers use in this kind of scam. If you see them in a message, treat it as a .

applescript malwaredisguised documentsfake installersscpt file abusecustom icon spoofingscript editor exploitationzoom update scammicrosoft teams update scamcredential stealerdocument impersonation

Topics

social engineering phishing malware macos targeting document impersonation zero detection rate credential theft cybersecurity threat

(numbers, IDs, links, domains)

Specific things tied to this scam. Tap any item to see other alerts where it appears.

What to do for this type of scam

Use this if you got similar messages or may have already lost money. Check red flags first, then first-hour steps.

Red flags for this scam type
If affected — first steps
Official reporting channels & helplines

Red flags this scam usually shows

If a message, call, or page involves any of these, treat it as suspicious — even if it looks like the alert above.

Pushes you to act in a hurry
Real organizations give you time. Threats like 'your account will be closed in 30 minutes' are designed to panic you into mistakes.
Asks for OTP, PIN, CVV, or password
Banks, UPI apps, government offices, and police never ask for these. Anyone asking is trying to steal your money.
Sends you a link or APK to install
Tapping unknown links or installing unverified apps can give scammers full access to your phone and bank accounts.
Asks for an advance, processing fee, or 'refund tax'
Real refunds, prizes, jobs, or loans never require you to pay first. If you must pay to receive something, it is a scam.
Offer sounds too good to be true
Huge cashback, guaranteed jobs, lottery wins, or sky-high returns are classic bait. If it feels unreal, it is.

Time-sensitive

If you were affected by this scam

First-hour steps — the crisis box above covers the emergency call to 1930.

Stop the call or chat right now
Hang up, leave the chat, and do not click any more links. Every extra minute is more risk. Take a breath; you are not alone in this.
Block your card and freeze the account
Call your bank's official helpline (printed on the back of your card or on the bank's website) and ask them to block the card and temporarily freeze online transactions. Do not call numbers a stranger gave you.
Change passwords and revoke device access
Change passwords for net banking, UPI apps, and email. In your UPI app, remove any 'linked devices' you do not recognize. Turn on two-factor authentication where possible.
Report to the National Cyber Crime Helpline within 24 hours
Call 1930 or file a complaint at cybercrime.gov.in. Reporting within the first 24 hours gives the best chance of freezing the money before it moves.
Open cybercrime.gov.in

Official reporting channels

Use one of these official channels. Official bodies handle recovery — report as early as you can.

National Cyber Crime Helpline
Start here
First call for any online financial fraud. Operators help you file a complaint and can request banks to freeze the recipient account.
Call 1930 Open website24x7
cybercrime.gov.in
Official portal of the Government of India to report cyber crime, including financial fraud, social media misuse, and crimes against women and children.
Open websiteOnline, anytime
Sanchar Saathi - Chakshu
Report suspicious calls and SMS that look like fraud. Run by the Department of Telecommunications.
Open websiteOnline, anytime

Official channels only. RISX is independent and does not receive payment for these listings.

Share a fraud warning

Forward a concise, factual warning. Colleagues and family who do not follow fraud news still need plain context.

Ready to send

Takes about 30 seconds

Share on WhatsApp

This alert summarises a publicly reported incident — it is not a verdict. If something here is wrong, outdated, or unfair, report an error or request removal. See our Grievance Redressal process.

Methodology & sourcesWhere alerts come from, how we source and structure them, and what we do not claim.Read

How RISX works

macOS Faces Rising Threat As Attackers Weaponize AppleScript Files

What happened

Where this report came from

Report details

Common scam keywords

Topics

Clues from alerts (numbers, IDs, links, domains)

macOS Faces Rising Threat As Attackers Weaponize AppleScript Files

What happened

Where this report came from

Report details

Common scam keywords

Topics

Clues from alerts (numbers, IDs, links, domains)

(numbers, IDs, links, domains)

(numbers, IDs, links, domains)