MacSync Stealer: SEO Poisoning and ClickFix-Based macOS Malware Delivery Chain CloudSEK researchers uncovered a multi-stage macOS campaign that uses SEO poisoning and ClickFix-style social engineering to trick users into running a malicious Terminal command which installs a staged loader and an AppleScript information stealer. The malware harvests browser credentials, cryptocurrency wallets, SSH keys, cloud configs and files, exfiltrates data via chunked HTTP PUT to attacker infrastructure, and can modify Ledger Live to enable transaction manipulation and persistence. #MacSyncStealer #LedgerLive

A new macOS malware campaign, MacSync Stealer, leverages SEO poisoning and ClickFix-style tricks to deliver a staged loader and AppleScript stealer targeting browser credentials, crypto wallets, and Ledger Live apps. #MacSyncStealer #AppleScript

Malvertising gegen Mac-Nutzer über Evernote-Links

@Bitdefender_DE #Cybersecurity #Cybersicherheit #Evernote #GoogleAd #MacsyncStealer @Bitdefender

netzpalaver.de/2026/...

MacSync Stealer, Swift diliyle geliştirilmiş yeni bir varyantla ortaya çıktı - AppleBülteni Daha önceki MacSync Stealer varyantları, kullanıcıyı terminal komutları girmeye veya karmaşık işlemlere zorlarken; Swift diliyle geliştirilen bu yeni varyant,

MacSync Stealer, Swift diliyle geliştirilmiş yeni bir varyantla ortaya çıktı

#malware #MacSyncStealer #stealer #macOS

applebulteni.com/2025/12/30/m...

Malware bypassed macOS Gatekeeper by abusing Apple's notarization proccess A new variant of the MacSync Stealer uses a code-signed Swift application to get around Apple's macOS Gatekeeper protections.

Malware bypassed macOS Gatekeeper by abusing Apple's notarization proccess >> appleinsider.com/articles/25/... #MacSyncStealer

Jamf identifies the MacSync Stealer malware in the wild, notes its bypassing of Apple’s notifications procedures You might want to be even more careful online until Apple sorts this out. Per AppleInsider, a new variant of the MacSync Stealer malware uses a code-signed Swift application to get around Apple’s…

Jamf identifies the MacSync Stealer malware in the wild, notes its bypassing of Apple's notifications procedures

www.powerpage.org/jamf-identif...

#Apple #Jamf #researchers #privacy #security #malware #hack #MacSyncStealer #notifications #Xprotect #Gatekeeper #research

Downloading the initial file, a DMG image.

Screenshot showing the malicious downloaded DMG image and the associated malicious Mach-O file within the installer.app content.

Traffic generated by the MacSync Stealer malware, filtered in Wireshark.

Example of the data exfiltrated through the MacSync Stealer C2 traffic.

2025-12-23 (Tuesday): Based on yesterday's Jamf article, I ran the fake installer for #MacSyncStealer in my lab on a macOS host. A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/i...

New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Macbook users watch out! New MacSync Stealer malware is slipping past Apple’s notarization, disguised as a trusted app and stealing saved passwords from macOS devices, experts warn.

Read: hackread.com/macsync-stea...

#Malware #Apple #CyberSecurity #macOS #MacSyncStealer

macOS 15 aggirato da variante malware MacSync Stealer
#AppStore #Apple #CyberSecurity #Mac #MacBook #macOS #macOS15 #macOSGatekeeper #MacSyncStealer #Malware #Sicurezza
www.ceotech.it/macos-15-agg...

Jamf Threat Labs informa sobre una variante del malware MacSync Stealer Jamf Threat Labs informa sobre una variante del malware MacSync Stealer

El equipo de #JamfThreatLabs informa sobre una variante del malware #MacSyncStealer

#malware #macOS #ciberseguridad

mecambioamac.com/jamf-threat-...

New Mac malware just dropped!

MacSync Stealer variant bypasses Apple malware protections

buff.ly/15WvyiJ

#MacSyncStealer #Apple #Mac #Malware #Vulnerability #Security #Privacy #Tech