TLDR
A fraudulent website impersonating the legitimate BlueWallet Bitcoin wallet is targeting Mac users with a convincing download page. The site at update bluewallet[.]com delivers a file called BlueWallet Installer.applescript and walks the...
Red flags
- A wallet site that asks you to open a downloaded file in a scripting tool and press "Run".
- A look-alike domain (update bluewallet[.]com) close to the real bluewallet.io.
- Any crypto transaction where the destination address was not verified character by character.
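The first two red flags expressed as a triage check, as an added example that is not from the original article or its source. The sample hosts in the comments are constructed, and the `.scpt`/`.command` extensions and the digit folding are assumptions beyond what the page names.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "bluewallet.io"  # the real site, as named on the page
BRAND = "bluewallet"
# .applescript is the type named on the page; .scpt and .command are other
# macOS script types, included here as an assumption.
SCRIPT_EXTENSIONS = (".applescript", ".scpt", ".command")
DIGIT_FOLD = str.maketrans("0135", "oles")  # crude digit-for-letter folding


def refang(text):
    """Undo common defanging (hxxp://, [.]) so the host can be parsed."""
    text = text.strip().replace("[.]", ".").replace("(.)", ".")
    if text.lower().startswith("hxxp"):
        text = "http" + text[4:]
    return text if "://" in text else "https://" + text


def host_of(url):
    """Lower-cased hostname of a possibly defanged URL, or '' if none."""
    return (urlsplit(refang(url)).hostname or "").rstrip(".").lower()


def is_official(host):
    """True only for the official domain or one of its subdomains."""
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def is_lookalike(host):
    """Brand name appears in the host, but the host is not the official one."""
    if is_official(host):
        return False
    # Fold digits and drop separators so 'blue-wa11et' still matches the brand.
    folded = "".join(c for c in host.translate(DIGIT_FOLD) if c.isalnum())
    return BRAND in folded


def red_flags(url, filename):
    """Return the red flags raised by a download URL and the file it served."""
    flags = []
    if is_lookalike(host_of(url)):
        flags.append("lookalike-domain")
    if filename.lower().endswith(SCRIPT_EXTENSIONS):
        flags.append("script-instead-of-app")
    return flags
```

An empty list means only that these two checks did not fire, not that the download is safe.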
What to do
- If you ran the file, disconnect the Mac from the network and run a full scan with updated security software.
- From a clean device, rotate passwords (email first), move crypto to a new wallet on a clean device, and treat seed phrases as exposed.
- Wipe and reinstall macOS from a known-good source rather than attempting in-place cleanup.
Source
Malwarebytes
Source reviewed by Mythos Forensic Team
https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-bluewallet-steals-passwords-accounts-and-crypto-from-macs
FAQ
Is "Fake BlueWallet site tricks Mac users into running password and crypto stealing AppleScript" a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
A wallet site that asks you to open a downloaded file in a scripting tool and press "Run". A look-alike domain (update bluewallet[.]com) close to the real bluewallet.io. Any crypto transaction where the destination address was not verified character by character.
What should I do first?
If you ran the file, disconnect the Mac from the network and run a full scan with updated security software. From a clean device, rotate passwords (email first), move crypto to a new wallet on a clean device, and treat seed phrases as exposed. Wipe and reinstall macOS from a known-good source rather than attempting in-place cleanup.