Jamf Threat Labs Identifies MacSync Malware Bypassing macOS Gatekeeper

SlowMist’s latest findings reveal that MacSync Stealer now ships as Apple-notarized code to bypass Gatekeeper and steal browser, account, and cryptocurrency wallet data from macOS systems.

Summary

SlowMist’s CISO 23pds reported an evolved MacSync Stealer malware variant targeting macOS. The new variant is a notarized Swift app that leverages Apple code signing to pass Gatekeeper checks, after which it can fetch and execute remote scripts. It extracts browser credentials, account information, and cryptocurrency wallet data, expanding on previous capabilities such as iCloud keychain theft. These evasion techniques make the malware a greater threat to macOS users, since a passing Gatekeeper check no longer indicates that an app is safe.

Terms & Concepts
  • macOS Gatekeeper: An Apple security feature that verifies downloaded apps before they run, checking that they are signed by an identified developer and, where notarized, were scanned by Apple for known malicious code. Notarization is an automated check, so a notarized app is not guaranteed to be safe, as this case shows.
  • Apple code signing: A process in which apps are digitally signed with Apple-issued developer certificates, and optionally notarized by Apple, so that macOS can verify their authenticity and integrity.
  • Cryptocurrency wallets: Software or hardware tools for storing and managing digital currencies like Bitcoin and Ethereum.