macOS Trojan Upgrades: Spreading Through Signed Apps, Crypto Users Face More Covert Risk
BlockBeats News, December 23: SlowMist Chief Security Officer 23pds shared a post stating that the MacSync Stealer malware active on the macOS platform has evolved significantly and that user assets have already been stolen. The article he shared notes that the malware has moved from low-threshold lures such as "drag-and-drop to Terminal" and "ClickFix" to code-signed, Apple-notarized Swift applications, significantly improving its stealth.
Researchers found that this sample is being spread as a disk image named zk-call-messenger-installer-3.9.2-lts.dmg, disguised as an instant messaging or utility application to induce users to download it. Unlike earlier versions, the new version no longer requires any terminal operation by the user. Instead, a built-in Swift helper pulls the payload from a remote server and executes it to complete the information theft process.
The malware is code signed and notarized by Apple under developer team ID GNJLS3UYZ4, and the related hash had not been revoked by Apple at the time of analysis. As a result, it has a higher "trust level" under macOS's default security mechanisms, making it easier to slip past user vigilance. Researchers also found that the DMG file is unusually large and contains decoy files, including LibreOffice-related PDFs, among others, to further reduce suspicion.
Security researchers pointed out that such information-stealing trojans often target browser data, account credentials, and cryptocurrency wallet information. As malware begins to systematically abuse Apple's signing and notarization mechanism, cryptocurrency users in the macOS environment are facing an increasing risk of phishing and private key leaks.
Users are strongly advised to ensure that threat prevention and advanced threat control are enabled in Jamf for Mac and set to blocking mode to defend against these latest variants of information-stealing malware.
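Because notarization alone did not stop this sample, the signing team ID is the more useful thing to check. The following is an added triage example, not code from the article or the researchers: it reads the `TeamIdentifier` field from `codesign` output and compares it against a denylist holding the team ID reported above. The function names, verdict labels and sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage app bundles by Developer ID team identifier.
# DENYLIST holds the team ID reported in the article (space-separated; extend as needed).
DENYLIST="GNJLS3UYZ4"

# Read `codesign -d --verbose=2` output on stdin and print the 10-character
# team ID. Prints nothing when the field is missing or reads "not set".
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=\([A-Z0-9]\{10\}\)$/\1/p' | head -n 1
}

# Classify codesign output on stdin.
# Prints "BLOCKED <id>", "OK <id>" or "NO_TEAM_ID" (hypothetical labels).
classify_signature() {
    tid=$(team_id_from_codesign)
    if [ -z "$tid" ]; then
        echo "NO_TEAM_ID"
        return 0
    fi
    for bad in $DENYLIST; do
        if [ "$tid" = "$bad" ]; then
            echo "BLOCKED $tid"
            return 0
        fi
    done
    echo "OK $tid"
}

# macOS only: check every .app bundle under the given directories.
scan_apps() {
    for dir in "$@"; do
        find "$dir" -maxdepth 3 -name '*.app' -type d -prune 2>/dev/null |
        while IFS= read -r app; do
            # codesign writes its details to stderr, hence 2>&1.
            verdict=$(codesign -d --verbose=2 "$app" 2>&1 | classify_signature)
            printf '%s\t%s\n' "$verdict" "$app"
        done
    done
}

# Constructed sample of codesign output (names and paths are placeholders).
SAMPLE_OUTPUT='Executable=/Volumes/Installer/Example.app/Contents/MacOS/Example
Identifier=com.example.placeholder
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Placeholder Name (GNJLS3UYZ4)
TeamIdentifier=GNJLS3UYZ4'

printf '%s\n' "$SAMPLE_OUTPUT" | classify_signature
```

On a Mac, `scan_apps /Applications /Volumes` covers installed apps and any mounted disk images. A `NO_TEAM_ID` verdict means the bundle is unsigned or ad hoc signed and deserves its own review.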