The threat of macOS infostealers is rapidly maturing, with Malware-as-a-Service offerings now common on underground markets. Separately, a critical flaw in OnePlus OxygenOS (CVE-2025-10184) allows apps to access sensitive SMS data and OTPs without requiring user permissions.