SlowMist and Chainbase jointly disclose that a phishing attack targeting macOS Token Vesting is spreading. Attackers disguise themselves as emails like 'Audit/Compliance Confirmation' or 'Token Unlock Confirmation,' delivering malicious attachments with double extensions (e.g., .docx.scpt) to trick users into executing scripts. This leads to stealing system passwords, bypassing TCC permissions, and deploying Node.js backdoors. The security team reminds everyone: if you've opened the attachment or entered your password, disconnect from the internet immediately and check your system. https://www.(wublock123.com)/index.php?m=content&c=index&a=show&catid=6&id=56088