2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.

A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html

Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: https://app.any.run/tasks/afd3ae74-2976-492b-a3c0-6e19e9127f68

Macbook users watch out! New MacSync Stealer malware is slipping past Apple’s notarization, disguised as a trusted app and stealing saved passwords from macOS devices, experts warn.

Read: https://hackread.com/macsync-stealer-mac-app-saved-passwords/

#Malware #Apple #CyberSecurity #macOS #MacSyncStealer

macOS 15 aggirato da variante malware MacSync Stealer
#AppStore #Apple #CyberSecurity #Mac #MacBook #macOS #macOS15 #macOSGatekeeper #MacSyncStealer #Malware #Sicurezza

https://www.ceotech.it/macos-15-aggirato-da-variante-malware-macsync-stealer/

El equipo de #JamfThreatLabs informa sobre una variante del malware #MacSyncStealer

#malware #macOS #ciberseguridad

https://mecambioamac.com/jamf-threat-labs-informa-sobre-una-variante-del-malware-macsync-stealer/

New Mac malware just dropped!

MacSync Stealer variant bypasses Apple malware protections

https://9to5mac.com/2025/12/22/macsync-stealer-variant-finds-a-way-to-bypass-apple-malware-protections/

#MacSyncStealer #Apple #Mac #Malware #Vulnerability #Security #Privacy #Tech