home > 快讯 > body

macOS Trojan Upgrade: Spreading with Signature Applications, Encrypted Users Face More Hidden Risks

clock
2025-12-23 06:32:45
SlowMist Chief Information Security Officer 23pds shared that the MacSync Stealer malicious software active on the macOS platform has evolved significantly, and user assets have been stolen. The forwarded article mentioned that from the early reliance on low-threshold inducement methods such as "drag to end point" and "ClickFix", it has been upgraded to code signing and notarized by Apple's Swift application, which has significantly improved concealment.
The researchers found that the sample was propagated in the form of a disk image called zk-call-messenger-installer- 3.9.2 -lts.dmg, which was disguised as an instant message or utility app to induce users to download. Unlike in the past, the new version does not require users to perform any end point operations. Instead, a built-in Swift helper pulls from a remote server and executes an encoded script to complete the information theft process.
The malicious program has been signed and notarized by Apple. The developer team ID is GNJLS3UYZ4, and the relevant hash has not been revoked by Apple at the time of analysis. This means that it has higher "credibility" under the default macOS security mechanism, and it is easier to bypass user vigilance. The study also found that the DMG is unusually large and contains decoy files such as LibreOffice-related PDFs to further reduce suspicion.
Security researchers point out that such information theft Trojans often target browser data, account credentials, and encrypted wallet information. As malicious software begins to systematically abuse Apple's signature and notarization mechanisms, the risk of phishing and private key leakage for crypto asset users in the macOS environment is on the rise.
Disclaimer
DisclaimerContent1
DisclaimerContent2
HomeExtensionTitle
HomeDesc

7x24 newsflash