TechFlow reports that on April 22, SlowMist TI Alert stated MistEye had received community-sourced threat intelligence regarding an active macOS information-stealing malware named “MacSync Stealer” (v1.1.2). This malware targets macOS users and is capable of stealing cryptocurrency wallets, browser credentials, the system keychain, and infrastructure keys (SSH / AWS / K8s). It employs a spoofed AppleScript system dialog to trick users into entering their login password. After data exfiltration, it displays a fake “Not Supported” error message. SlowMist has shared relevant IOCs with its customers and urges users not to execute unverified macOS scripts and to remain vigilant against unusual system password prompts.
Add to Favorites
Share to Social Media
