New #MacSync #malware dropper evades #macOS #Gatekeeper checks
2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.
A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html
Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: https://app.any.run/tasks/afd3ae74-2976-492b-a3c0-6e19e9127f68
macOS: this new version of the MacSync malware bypasses Gatekeeper security
https://www.it-connect.fr/macos-nouvelle-version-du-malware-macsync-contourne-gatekeeper/
#Infosec #Security #Cybersecurity #CeptBiro #MacOS #Malware #MacSync #Gatekeeper
New MacSync malware dropper evades macOS Gatekeeper checks
https://www.bleepingcomputer.com/news/security/new-macsync-malware-dropper-evades-macos-gatekeeper-checks/
#Infosec #Security #Cybersecurity #CeptBiro #MacSync #Malware #macOS #GatekeeperChecks