BleepingComputer reports that the MacSync information-stealing malware has been distributed through a code-signed and notarized Swift application, removing the necessity for direct terminal interaction and representing a departure from ClicFix or drag-to-terminal tactics previously used to spread the macOS infostealer.Attackers have used an encoded dropper to deliver the latest iteration of MacSync Stealer, which has been enhanced to evade the Gatekeeper security system, according to Jamf researchers. Aside from integrating decoy PDFs to inflate DMG file sizes and removing scripts in the execution chain, the updated MacSync Stealer also checks for internet connectivity prior to execution.MacSync Stealer is a rebrand of threat actor Mentalpositive's Mac.C malware, which was previously noted by MacPaw Moonlock to have enabled the theft of iCloud keychain credentials, system metadata, browser-stored passwords, cryptocurrency wallet information, and filesystem data.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




