Jamf Threat Labs reports on variant of the MacSync Stealer malware

Jamf Threat Labs has published a report about a new notarized MacSync Stealer malware.

Specifically, Jamf Threat Labs observed a signed and notarized stealer that didn’t follow the typical execution chains we have seen in the past. The sample in question looked highly similar to past variants of the increasingly active MacSync Stealer malware but was revamped in its design.

Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more deceptive, hands-off approach.

Interestingly, Jamf Threat Labs has also observed the Odyssey infostealer adopting similar distribution methods in recent variants. Surprisingly, the familiar right-click open instruction is

still present in this sample even though the executable is signed and does not require this step, the group reports.

Article provided with permission from AppleWorld.Today

Jamf Threat Labs reports on variant of the MacSync Stealer malware

Like this:

Related

About The Author

Dennis Sellers

Jamf Threat Labs reports on variant of the MacSync Stealer malware

Share this:

Like this:

Related

About The Author

Dennis Sellers

Related Posts

TranslateIt! for Mac OS X updated to version 14

Apple TV+ plans four-part documentary series about FIFA champion Lionel Messi

iWebTemplate releases five new iWeb themes

QuickerTek: AirPort Amplifier for Apple iBooks