A new variant of the MacSync malware is posing a serious threat to macOS security by bypassing Apple’s Gatekeeper protection. Security researchers found that this version uses a digitally signed and notarized Swift application to deliver malicious code without triggering the usual security warnings.
Unlike older malware that tricked users into entering commands or dragging files into the Terminal, this updated MacSync dropper comes packaged in a disk image that looks like legitimate software. Because the app is signed and notarized, Gatekeeper does not block it, allowing the malware to run more easily on vulnerable Macs.
Once executed, the malware can install a stealer component in the background. This type of malware is designed to collect sensitive information like passwords, keychain credentials, browser data, and even cryptocurrency wallet details.
Experts warn that the rise of signed malware variants marks a shift in how attackers target Apple systems. Users are urged to download software only from the Mac App Store or verified developer sites and to keep macOS updated to reduce risk.
#MalwarePrevention
#MacSync
#macOS
#Gatekeeper
#Malware
#MacSecurity
#CyberThreat
#Stealer
#SignedApp
#NotarizedApp
#CredentialTheft
#DataSecurity
#AppleThreat
