SlowMist Warns MacSync Stealer v1.1.2 Is Targeting macOS Crypto Wallets

According to SlowMist CSO 23pds, MioLab is a commercialized macOS malware-as-a-service platform promoted on Russian-language underground forums with crypto-theft modules targeting Ledger and Trezor wallets.

Summary

SlowMist said MacSync Stealer v1.1.2 is actively spreading and targeting macOS users by stealing crypto wallets, browser credentials, Keychain data, and SSH, AWS, and K8s keys. The security firm said the malware uses fake AppleScript system prompts to harvest passwords, then displays a false “system not supported” error after data exfiltration. In a new update, SlowMist CSO 23pds said MioLab is a commercialized macOS malware-as-a-service platform advertised on Russian-language underground forums, offering C2 control, API integration, and modules aimed at stealing crypto assets from Ledger and Trezor hardware wallets.
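As an added detection example (not from SlowMist's report), the check below scans constructed macOS process-execution records for the pattern behind the fake AppleScript system prompts described above: an `osascript` dialog with a hidden-answer field and password wording. The record format, field names and sample lines are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample records in the shape "pid|parent|command line" (not real telemetry).
SAMPLE_EVENTS = [
    "4123|Terminal|osascript -e 'display dialog \"Enter your password\" default answer \"\" with hidden answer'",
    "4124|launchd|/usr/bin/osascript /tmp/.x.scpt",
    "4125|Finder|osascript -e 'display notification \"Backup done\"'",
    "4126|Installer|osascript -e 'display dialog \"System update requires your password\" with icon caution default answer \"\" with hidden answer'",
]

# A dialog that masks its input field, plus wording that asks for a secret, is the
# combination a fake "system" password prompt needs; either alone is weaker evidence.
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*with\s+hidden\s+answer", re.I | re.S)
CREDENTIAL_WORDS = re.compile(r"\b(password|passcode|keychain|credential)\b", re.I)
TEMP_SCRIPT = re.compile(r"\s/(?:tmp|private/tmp|var/folders)/\S*|/\.[^/\s]+\.scpt")


@dataclass
class Finding:
    pid: str
    parent: str
    reason: str


def scan_event(line: str) -> Optional[Finding]:
    """Return a Finding when a record looks like an AppleScript credential prompt."""
    pid, parent, cmd = line.split("|", 2)
    if "osascript" not in cmd:
        return None
    if HIDDEN_ANSWER.search(cmd):
        kind = "credential-prompt" if CREDENTIAL_WORDS.search(cmd) else "hidden-answer-dialog"
        return Finding(pid, parent, kind)
    # osascript loading a script from a temp or dot-prefixed file is worth a second look.
    if TEMP_SCRIPT.search(cmd):
        return Finding(pid, parent, "script-from-temp-path")
    return None


def scan_events(lines: List[str]) -> List[Finding]:
    """Run scan_event over every record and keep only the hits."""
    return [f for f in (scan_event(l) for l in lines) if f]


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"pid={f.pid} parent={f.parent} reason={f.reason}")
```

Pair the credential-prompt hit with the parent process: a legitimate password request comes from the OS's own dialogs, not from `osascript` spawned by an installer or a shell.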

Terms & Concepts
  • AppleScript: A macOS automation scripting language that can be abused to display convincing fake system prompts for phishing.
  • C2 control: Short for command-and-control, the remote infrastructure attackers use to manage infected devices and receive stolen data.
  • Ledger: A hardware wallet brand used to store crypto assets offline; malware targeting it seeks to steal wallet-related data or access.