logo

macOS Trojan Upgrades: Spreading through Signed App, Encrypting Users Face More Covert Risk

By: theblockbeats.news|2025/12/23 06:46:05
Share
copy

BlockBeats News, December 23, SlowMist Chief Security Officer 23pds shared a post stating that the MacSync Stealer malware active on the macOS platform has undergone significant evolution, with user assets already being stolen. The article shared by him mentioned that from earlier reliance on "drag-and-drop to Terminal" and "ClickFix" and other low-threshold inducement methods, it has upgraded to code signing and through Apple notarized Swift applications, significantly improving its stealthiness.

Researchers found that this sample is being spread in the form of a disk image named zk-call-messenger-installer-3.9.2-lts.dmg, disguised as instant messaging or utility applications to induce users to download. Unlike before, the new version no longer requires any terminal operation by the user but is pulled and executed by a built-in Swift helper from a remote server to complete the information theft process.

This malware has been code signed and notarized by Apple, with the developer team ID being GNJLS3UYZ4, and the related hash has not been revoked by Apple during analysis. This means that it has a higher "trust level" under macOS's default security mechanisms, making it easier to bypass user vigilance. Research also found that the DMG file is unusually large, containing decoy files related to LibreOffice PDFs, among others, to further reduce suspicion.

Security researchers pointed out that such information-stealing trojans often target browser data, account credentials, and cryptocurrency wallet information. As malware begins to systematically abuse Apple's signing and notarization mechanism, cryptocurrency users in the macOS environment are facing an increasing risk of phishing and private key leaks.

Users are strongly advised to ensure that threat prevention and advanced threat control are enabled in Jamf for Mac and set to blocking mode to defend against these latest variants of information-stealing malware.

You may also like

Cybersecurity Firm Warns of Shai-Hulud 3.0 Threatening the NPM Ecosystem

Key Takeaways SlowMist’s CISO has issued a warning about Shai-Hulud 3.0, a significant threat targeting the NPM ecosystem…

SlowMist Warns of Return of Shai-Hulud 3.0 Supply Chain Attack

Key Takeaways SlowMist’s Chief Information Security Officer alerted the community about the resurgence of Shai-Hulud 3.0, an advanced…

Hackers Exploit Rainbow Six Siege Servers, Ubisoft Responds

Key Takeaways Hackers successfully breached Rainbow Six Siege, distributing enormous amounts of in-game currency. Players discovered unexpected changes…

Trust Wallet Investigates Browser Extension Security Incident

Key Takeaways A recent security incident in Trust Wallet’s browser extension has affected 2,596 wallets, leading to the…

Trust Wallet Users Experience $7 Million Loss Due to Hacked Chrome Extension

Key Takeaways Trust Wallet faced a significant security breach affecting its Chrome extension, resulting in over $7 million…

Trust Wallet Browser Extension Security Incident Leads to Losses

Key Takeaways Trust Wallet identified a significant security breach in its browser extension version 2.68. Approximately over $6…

Popular coins

Latest Crypto News

16:46

Flow: AML/KYC Process Vulnerability on a certain exchange, after a recent exploit, resulted in a transfer of 150 million FLOW to sell and cash out over $5 million from the account.

BlockBeats News, January 1st, the Flow Foundation issued a statement regarding the post-December 27th exploit incident coordination with exchanges. Since the incident, the Flow Foundation and its forensic partners have collaborated with global exchanges to protect users and resume operations, with K...
16:16

Citigroup: Expects a 75,000 increase in nonfarm payrolls in December, with the unemployment rate rising to 4.7%

BlockBeats News, December 31st, a Citigroup economist said that the decline in initial jobless claims around the holiday should be taken with a grain of salt. During the week of Christmas, initial jobless claims dropped from 215,000 to 199,000, while forecasters expected 220,000. Citigroup stated: "...
16:16

Ethereum Sees 12.6% Annual Price Decline in 2025, Surges to All-Time High Above $4900 Mid-Year

BlockBeats News, January 1st, according to HTX market data, Ethereum saw a full-year price drop of 12.6% in 2025, with a year-end price of $2984.Throughout the year, Ethereum opened at $3414 and followed a reverse "N" trend. It hit the annual low of $1385 in April, gradually recovered, and reached t...
16:16

U.S. Senator Cynthia Lummis: "Responsible Financial Innovation Act of 2026" Allows Large Banks to Provide Digital Asset Custody, Escrow, and Payment Services

BlockBeats News, January 1st, U.S. Senator Cynthia Lummis stated in a post that the "Responsible Innovation in Financial Services Act of 2026" allows large banks to offer digital asset custody, staking, and payment services under appropriate regulation. Senator Cynthia Lummis pointed out that digita...
15:46

Coinbase Chief Compliance Officer: Regulatory Clarity Driving Crypto Industry Toward Emerging Pillar of Global Financial Infrastructure

BlockBeats News, December 31st, Coinbase's Director of Investment Research, David Duong, posted an article stating, "Despite the recent somewhat subdued performance of cryptocurrency prices, this is still an extraordinary and transformative period for the crypto ecosystem. I believe that the core fe...
Read more
Community
iconiconiconiconiconicon

Customer Support@weikecs

Business Cooperation@weikecs

Quant Trading & MMbd@weex.com

VIP Servicessupport@weex.com