Integrate ANY.RUN solutions into your company:  https://any.run/enterprise/?utm_source=eric_parker&utm_medium=video&utm_campaign=macos&utm_content=enterprise&utm_term=140326#contact-sales 
Official Discord Server - https://discord.gg/cqqWYDdcBn
Follow me on X - https://www.twitter.com/ericparker | atericparker.bsky.social

Mac Fake OBS Run: https://app.any.run/tasks/f96b8608-8a80-40fb-b9ee-fe8ce4a736ab
Windows Fake OBS RUN: https://app.any.run/tasks/2bf4a6e5-6895-4e17-88cc-d5b86ceb19f2

Disclaimer: The content in this video is for education and entertainment purposes to showcase the dangers of malware & malicious software. I do not encourage any form of illegal hacking or piracy.



(C) Eric Parker 2026

Eric Parker

A fake OBS Studio website served via Bing Ads delivers malware that silently installs ScreenConnect (a remote management tool) alongside the real OBS installer to avoid suspicion, while also establishing registry persistence. The Windows payload is stealthy enough that a casual user would likely not notice. The Mac version of the same malware is far less stealthy due to macOS Gatekeeper and permission prompts. A second Mac-targeting payload is also analyzed — a crypto scam that exfiltrates the user's keychain database. Key takeaway: Windows malware has equal-privilege access to all running programs, while macOS requires elevation tricks or exploits, offering some security advantage but not immunity.

What this "OBS Studio" is really doing?