Find notable cyber news and cases, enriched with sources, timelines, and signals.

MacSync Mac.C notarized Swift dropper for macOS

Malware Activity
First reported
Last updated
Happening score
H score 19
2 unique sources, 2 articles

Summary

Hide ▲

The MacSync information stealer now arrives on macOS as a code-signed, notarized Swift app, raising the odds of successful delivery and increasing credential-theft risk. The payload is packaged in a disk image and uses a dropper to evade Gatekeeper, while also checking for internet connectivity and wiping execution scripts. The family emerged in April 2025 as Mac.C and can steal iCloud keychain credentials, browser passwords, wallet data, and files.

Related Happenings

MacOS XPC cached signature trust privilege escalation privilege-escalation flaw

Vulnerability
H score23 First: 25.06.2026 14:00 Last: 25.06.2026 14:00 Sources 1

About this happening: **macOS XPC trusted software verification** lets a **non-root user** abuse cached signature trust to call privileged helper functions without authentication, opening a route to **...

MacOS.Gaslight prompt-injection technique aimed at AI-assisted triage

Technical Analysis
H score23 First: 24.06.2026 17:00 Last: 24.06.2026 17:00 Sources 1

About this happening: **macOS.Gaslight** is a **Rust-based macOS implant and information stealer** assessed with high confidence as the work of **North Korea-aligned threat actors**. The sample uses **...

SHub Reaper macOS infostealer variant

Malware Activity
H score23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

MiningDropper (BeatBanker) modular Android payload framework with encrypted staging

Technical Analysis
H score22 First: 24.04.2026 14:48 Last: 24.04.2026 14:48 Sources 1

About this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...

MacOS living-off-the-land analysis exposing native-feature abuse

Technical Analysis
H score20 First: 22.04.2026 19:30 Last: 22.04.2026 19:30 Sources 1

About this happening: Native macOS features are now being repurposed for **code execution**, **lateral movement**, and **evasion**, widening detection gaps across enterprise Apple fleets. The analysis...

Timeline

  1. 22.12.2025 22:43 2 articles · 6mo ago

    MacSync Mac.C notarized Swift dropper for macOS

    Initial Disclosure

    The initial phase centered on a **signed DMG dropper** delivered from `https://zkcall.net/download`, packaged to avoid direct Terminal use. The decoded payload then exposed the usual **MacSync Stealer** behavior after basic environment checks.

    Show sources