Cybersecurity firm Jamf has identified a new tactic used by attackers to distribute a variant of MacSync Stealer malware. The method uses a signed and notarized, legitimate-looking app as a facade that downloads and executes malicious scripts from remote servers. The sophistication of this approach marks a significant shift in how malware is being delivered to Mac users.
Historically, the relatively low market share of Macs and Apple's built-in security features limited the prevalence of malware on these devices. However, as Mac usage has increased, so has the interest of cybercriminals, who particularly target users for financial scams. Recent findings show that while macOS has rigorous checks to prevent unauthorized app installations, attackers are finding innovative ways to bypass these safeguards.
Earlier this month, it was reported that some criminals are leveraging AI tools like ChatGPT to deceive users into executing commands that install unwanted software. The trend suggests that malware distribution methods are evolving, as attackers seek to embed malicious payloads within seemingly benign applications, reflecting a broader change in the macOS malware landscape.